Lucene search

[email protected]CVE-2012-1499

HistoryApr 11, 2012 - 10:39 a.m.

CVE-2012-1499

2012-04-1110:39:26

CWE-119

[email protected]

web.nvd.nist.gov

openjpeg

cve-2012-1499

remote code execution

jpeg image

memory corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka “out-of heap-based buffer write.”

Affected configurations

NVD

Node

uclouvainopenjpegRange≤1.4

uclouvainopenjpegMatch1.3

CPENameOperatorVersion
uclouvain:openjpeguclouvain openjpegle1.4
uclouvain:openjpeguclouvain openjpegeq1.3

CPE	Name	Operator	Version
uclouvain:openjpeg	uclouvain openjpeg	le	1.4
uclouvain:openjpeg	uclouvain openjpeg	eq	1.3

References

code.google.com/p/openjpeg/source/detail?r=1330

lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html

openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS

security.gentoo.org/glsa/glsa-201206-06.xml

technet.microsoft.com/en-us/security/msvr/msvr12-004

www.securityfocus.com/bid/52654

bugzilla.redhat.com/show_bug.cgi?id=805912

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2012-1499

openvas14 msvr1 cvelist1 gentoo1 ubuntucve1 nvd1 prion1 nessus3 fedora5