CVE-2012-1499

Publication date 11 April 2012

Last updated 24 July 2024


Ubuntu priority

The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."

Read the notes from the security team

Status

Package Ubuntu Release Status
openjpeg 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release

Notes


jdstrand

per Debian, code introduced after 1.3