The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Dec 2023, 18:29
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1807.html - Third Party Advisory | |
References | (CONFIRM) http://www-01.ibm.com/support/docview.wss?uid=swg21660640 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html - Mailing List, Third Party Advisory | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/887409 - Third Party Advisory, US Government Resource | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html - Mailing List, Third Party Advisory | |
References | (OSVDB) http://osvdb.org/77596 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/50992 - Broken Link, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/47353 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/47193 - Not Applicable | |
References | (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - Release Notes | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0698.html - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2371 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1811.html - Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=747726 - Issue Tracking | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/71701 - Third Party Advisory, VDB Entry | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1315-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/47306 - Not Applicable | |
CWE | CWE-787 | |
CPE | cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* |
|
First Time |
Oracle outside In Technology
Fedoraproject Suse linux Enterprise Desktop Redhat Suse linux Enterprise Server Debian debian Linux Debian Redhat enterprise Linux Desktop Oracle Fedoraproject fedora Canonical ubuntu Linux Suse linux Enterprise Software Development Kit Canonical Suse |
Information
Published : 2011-12-15 03:57
Updated : 2024-02-28 11:41
NVD link : CVE-2011-4517
Mitre link : CVE-2011-4517
CVE.ORG link : CVE-2011-4517
JSON object : View
Products Affected
jasper_project
- jasper
debian
- debian_linux
fedoraproject
- fedora
suse
- linux_enterprise_desktop
- linux_enterprise_server
- linux_enterprise_software_development_kit
redhat
- enterprise_linux_desktop
oracle
- outside_in_technology
canonical
- ubuntu_linux
CWE
CWE-787
Out-of-bounds Write