
CVE-2012-3535

Status Candidate

Overview

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

Related Files

Gentoo Linux Security Advisory 201310-07
Posted Oct 10, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-7 - Multiple vulnerabilities in OpenJPEG could result in execution of arbitrary code. Versions less than 1.5.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | 4744b99bae389f5d50939f689297bb60a271c09b189e9dc15ebe646d7d6c5a03

Mandriva Linux Security Advisory 2013-110
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-110 - An out-of-bounds heap-based buffer read and write flaw, leading to an invalid free, was found in the way the tile coder / decoder implementation of OpenJPEG, an open-source JPEG 2000 codec written in C, released previously allocated memory for the TCD encoder handle when processing certain Gray16 TIFF images. A remote attacker could provide a specially crafted TIFF image file which, once converted into the JPEG 2000 file format by an application linked against OpenJPEG, would cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | acfabe7c379941314b4673a60453eb592f04a2d4f5f922a4e9d7825824cda873

Debian Security Advisory 2629-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2629-1 - Multiple OpenJPEG issues have been addressed. Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | f5a211f64f0275309bc3f98a01bf8d552052d9e43cec1d291991394d2ff0966e

Mandriva Linux Security Advisory 2012-157
Posted Oct 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-157 - A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C, parsed JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file which, when opened in an application linked against OpenJPEG, would cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3535
SHA-256 | 98b971182788c5e8b4e095f6cb612c4623eefe0b9568441f95a2df93944ca40f

Red Hat Security Advisory 2012-1283-01
Posted Sep 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1283-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-3535
SHA-256 | c223a367dbb574263853258126dea3b874b289aec4f93f819b0dde0fb91949a2
© 2022 Packet Storm. All rights reserved.
