Lucene search

PRIOn knowledge basePRION:CVE-2012-1499

HistoryApr 11, 2012 - 10:39 a.m.

Heap overflow

2012-04-1110:39:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.067 Low

EPSS

Percentile

93.7%

JSON

The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka “out-of heap-based buffer write.”

CPENameOperatorVersion
openjpegeq1.3
openjpegle1.4

CPE	Name	Operator	Version
	openjpeg	eq	1.3
	openjpeg	le	1.4

References

security.gentoo.org/glsa/glsa-201206-06.xml

technet.microsoft.com/en-us/security/msvr/msvr12-004

www.securityfocus.com/bid/52654

bugzilla.redhat.com/show_bug.cgi?id=805912

code.google.com/p/openjpeg/source/detail?r=1330

lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html

openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.067 Low

EPSS

Percentile

93.7%

JSON

Related for PRION:CVE-2012-1499