Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
History
20 Dec 2023, 18:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html - Mailing List, Third Party Advisory | |
References | () http://osvdb.org/77595 - Broken Link | |
References | () http://rhn.redhat.com/errata/RHSA-2015-0698.html - Third Party Advisory | |
References | () http://secunia.com/advisories/47193 - Not Applicable | |
References | () http://secunia.com/advisories/47306 - Not Applicable | |
References | () http://secunia.com/advisories/47353 - Not Applicable | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21660640 - Broken Link | |
References | () http://www.debian.org/security/2011/dsa-2371 - Third Party Advisory | |
References | () http://www.kb.cert.org/vuls/id/887409 - Third Party Advisory, US Government Resource | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2011-1807.html - Not Applicable | |
References | () http://www.redhat.com/support/errata/RHSA-2011-1811.html - Not Applicable, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/50992 - Third Party Advisory, VDB Entry | |
References | () http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - Release Notes | |
References | () http://www.ubuntu.com/usn/USN-1315-1 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=747726 - Issue Tracking | |
CWE | CWE-787 | |
First Time | Debian Canonical Suse linux Enterprise Desktop Suse linux Enterprise Server Debian debian Linux Suse linux Enterprise Software Development Kit Fedoraproject fedora Fedoraproject Suse Oracle Canonical ubuntu Linux Oracle outside In Technology |
Information
Published : 2011-12-15 03:57
Updated : 2023-12-20 18:29
NVD link : CVE-2011-4516
Mitre link : CVE-2011-4516
CVE.ORG link : CVE-2011-4516
Products Affected
suse
- linux_enterprise_desktop
- linux_enterprise_software_development_kit
- linux_enterprise_server
canonical
- ubuntu_linux
debian
- debian_linux
jasper_project
- jasper
fedoraproject
- fedora
oracle
- outside_in_technology
CWE
CWE-787
Out-of-bounds Write