The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Dec 2023, 18:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html - Mailing List, Third Party Advisory | |
References | () http://osvdb.org/77596 - Broken Link | |
References | () http://rhn.redhat.com/errata/RHSA-2015-0698.html - Third Party Advisory | |
References | () http://secunia.com/advisories/47193 - Not Applicable | |
References | () http://secunia.com/advisories/47306 - Not Applicable | |
References | () http://secunia.com/advisories/47353 - Not Applicable | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21660640 - Broken Link | |
References | () http://www.debian.org/security/2011/dsa-2371 - Third Party Advisory | |
References | () http://www.kb.cert.org/vuls/id/887409 - Third Party Advisory, US Government Resource | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2011-1807.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2011-1811.html - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/50992 - Broken Link, VDB Entry | |
References | () http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - Release Notes | |
References | () http://www.ubuntu.com/usn/USN-1315-1 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=747726 - Issue Tracking | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/71701 - Third Party Advisory, VDB Entry | |
CWE | CWE-787 | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* |
|
First Time |
Canonical
Suse linux Enterprise Desktop Redhat enterprise Linux Desktop Oracle outside In Technology Fedoraproject fedora Fedoraproject Suse Oracle Canonical ubuntu Linux Debian Redhat Suse linux Enterprise Server Debian debian Linux Suse linux Enterprise Software Development Kit |
Information
Published : 2011-12-15 03:57
Updated : 2023-12-20 18:29
NVD link : CVE-2011-4517
Mitre link : CVE-2011-4517
CVE.ORG link : CVE-2011-4517
JSON object : View
Products Affected
oracle
- outside_in_technology
jasper_project
- jasper
redhat
- enterprise_linux_desktop
suse
- linux_enterprise_server
- linux_enterprise_software_development_kit
- linux_enterprise_desktop
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write