[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-1499Date: (C)2012-04-11   (M)2023-12-22


The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-52654
FEDORA-2012-9602
FEDORA-2012-9628
GLSA-201206-06
http://code.google.com/p/openjpeg/source/detail?r=1330
http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS
http://technet.microsoft.com/en-us/security/msvr/msvr12-004
https://bugzilla.redhat.com/show_bug.cgi?id=805912

CWE    1
CWE-119
OVAL    5
oval:org.secpod.oval:def:104241
oval:org.secpod.oval:def:105291
oval:org.secpod.oval:def:104277
oval:org.secpod.oval:def:103953
...

© SecPod Technologies