what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2012-3535

Status Candidate

Overview

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

Related Files

Gentoo Linux Security Advisory 201310-07
Posted Oct 10, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-7 - Multiple vulnerabilities in OpenJPEG could result in execution of arbitrary code. Versions less than 1.5.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | 4744b99bae389f5d50939f689297bb60a271c09b189e9dc15ebe646d7d6c5a03
Mandriva Linux Security Advisory 2013-110
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-110 - An out-of heap-based buffer bounds read and write flaw, leading to invalid free, was found in the way a tile coder / decoder implementation of OpenJPEG, an open-source JPEG 2000 codec written in C language, performed releasing of previously allocated memory for the TCD encoder handle by processing certain Gray16 TIFF images. A remote attacker could provide a specially-crafted TIFF image file, which once converted into the JPEG 2000 file format with an application linked against OpenJPEG , would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | acfabe7c379941314b4673a60453eb592f04a2d4f5f922a4e9d7825824cda873
Debian Security Advisory 2629-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2629-1 - Multiple OpenJPEG issues have been addressed. Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | f5a211f64f0275309bc3f98a01bf8d552052d9e43cec1d291991394d2ff0966e
Mandriva Linux Security Advisory 2012-157
Posted Oct 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-157 - A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in an application linked against openjpeg would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3535
SHA-256 | 98b971182788c5e8b4e095f6cb612c4623eefe0b9568441f95a2df93944ca40f
Red Hat Security Advisory 2012-1283-01
Posted Sep 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1283-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-3535
SHA-256 | c223a367dbb574263853258126dea3b874b289aec4f93f819b0dde0fb91949a2
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close