CVE-2012-1499
Published: 11 April 2012
The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."
Notes
Author | Note |
---|---|
jdstrand | per Debian, code introduced after 1.3 |
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(code-not-present)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(code-not-present)
|
|
oneiric |
Not vulnerable
(code-not-present)
|
|
precise |
Not vulnerable
(code-not-present)
|
|
upstream |
Released
(1.5)
|