CVE-2012-3358
Published: 18 July 2012
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
Priority
Status
Package | Release | Status |
---|---|---|
openjpeg (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
openjpeg | lucid | Released (1.3+dfsg-4+squeeze1build0.10.04.1) |
openjpeg | natty | Ignored (end of life) |
openjpeg | oneiric | Released (1.3+dfsg-4+squeeze1build0.11.10.1) |
openjpeg | precise | Released (1.3+dfsg-4+squeeze1build0.12.04.1) |
openjpeg | quantal | Not vulnerable (1.3+dfsg-4.5) |
openjpeg | upstream | Released (1.3+dfsg-4.4) |

Patches:
other: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=openjpeg-tile-sanity.patch;att=1;bug=681075
other: http://code.google.com/p/openjpeg/source/detail?r=1727