CVE-2011-4516

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
Configurations

Configuration 1

cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*

History

20 Dec 2023, 18:29

Type: CPE
Values Removed: (none)
Values Added:
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

Type: References (one line per reference)
Removed: http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html - (no tags) | Added: http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html - Mailing List, Third Party Advisory
Removed: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html - (no tags) | Added: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html - Mailing List, Third Party Advisory
Removed: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html - (no tags) | Added: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html - Mailing List, Third Party Advisory
Removed: http://osvdb.org/77595 - (no tags) | Added: http://osvdb.org/77595 - Broken Link
Removed: http://rhn.redhat.com/errata/RHSA-2015-0698.html - (no tags) | Added: http://rhn.redhat.com/errata/RHSA-2015-0698.html - Third Party Advisory
Removed: http://secunia.com/advisories/47193 - (no tags) | Added: http://secunia.com/advisories/47193 - Not Applicable
Removed: http://secunia.com/advisories/47306 - (no tags) | Added: http://secunia.com/advisories/47306 - Not Applicable
Removed: http://secunia.com/advisories/47353 - (no tags) | Added: http://secunia.com/advisories/47353 - Not Applicable
Removed: http://www-01.ibm.com/support/docview.wss?uid=swg21660640 - (no tags) | Added: http://www-01.ibm.com/support/docview.wss?uid=swg21660640 - Broken Link
Removed: http://www.debian.org/security/2011/dsa-2371 - (no tags) | Added: http://www.debian.org/security/2011/dsa-2371 - Third Party Advisory
Removed: http://www.kb.cert.org/vuls/id/887409 - US Government Resource | Added: http://www.kb.cert.org/vuls/id/887409 - Third Party Advisory, US Government Resource
Removed: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - (no tags) | Added: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - Third Party Advisory
Removed: http://www.redhat.com/support/errata/RHSA-2011-1807.html - (no tags) | Added: http://www.redhat.com/support/errata/RHSA-2011-1807.html - Not Applicable
Removed: http://www.redhat.com/support/errata/RHSA-2011-1811.html - (no tags) | Added: http://www.redhat.com/support/errata/RHSA-2011-1811.html - Not Applicable, Third Party Advisory
Removed: http://www.securityfocus.com/bid/50992 - (no tags) | Added: http://www.securityfocus.com/bid/50992 - Third Party Advisory, VDB Entry
Removed: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - (no tags) | Added: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - Release Notes
Removed: http://www.ubuntu.com/usn/USN-1315-1 - (no tags) | Added: http://www.ubuntu.com/usn/USN-1315-1 - Third Party Advisory
Removed: https://bugzilla.redhat.com/show_bug.cgi?id=747726 - (no tags) | Added: https://bugzilla.redhat.com/show_bug.cgi?id=747726 - Issue Tracking

Type: CWE
Values Removed: CWE-119
Values Added: CWE-787

Type: First Time
Values Removed: (none)
Values Added:
Debian
Canonical
Suse linux Enterprise Desktop
Suse linux Enterprise Server
Debian debian Linux
Suse linux Enterprise Software Development Kit
Fedoraproject fedora
Fedoraproject
Suse
Oracle
Canonical ubuntu Linux
Oracle outside In Technology

Information

Published : 2011-12-15 03:57

Updated : 2023-12-20 18:29


NVD link : CVE-2011-4516

Mitre link : CVE-2011-4516

CVE.ORG link : CVE-2011-4516


Products Affected

suse

  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit
  • linux_enterprise_server

canonical

  • ubuntu_linux

debian

  • debian_linux

jasper_project

  • jasper

fedoraproject

  • fedora

oracle

  • outside_in_technology

CWE

CWE-787: Out-of-bounds Write