CVE-2009-5030

Published: 18 July 2012

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

Priority

Status

Package	Release	Status
openjpeg Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (1.3+dfsg-4+squeeze1build0.10.04.1)
	natty	Ignored (end of life)
	oneiric	Released (1.3+dfsg-4+squeeze1build0.11.10.1)
	precise	Released (1.3+dfsg-4+squeeze1build0.12.04.1)
	quantal	Not vulnerable (1.3+dfsg-4.3)
	upstream	Released (1.3+dfsg-4.1)

References

http://code.google.com/p/openjpeg/issues/detail?id=5
http://www.openwall.com/lists/oss-security/2012/04/13/1
https://www.cve.org/CVERecord?id=CVE-2009-5030
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/672455
https://bugzilla.redhat.com/show_bug.cgi?id=812317

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›