CVE-2011-4517
Published: Dec 15, 2011
Modified: Oct 21, 2024
PUBLISHED
Description
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| RHSA-2011:1811 | vendor-advisory | x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=747726 | | x_refsource_CONFIRM |
| 47306 | third-party-advisory | x_refsource_SECUNIA |
| USN-1315-1 | vendor-advisory | x_refsource_UBUNTU |
| openSUSE-SU-2011:1317 | vendor-advisory | x_refsource_SUSE |
| DSA-2371 | vendor-advisory | x_refsource_DEBIAN |
| FEDORA-2011-16966 | vendor-advisory | x_refsource_FEDORA |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660640 | | x_refsource_CONFIRM |
| FEDORA-2011-16955 | vendor-advisory | x_refsource_FEDORA |
| 47353 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2011:1807 | vendor-advisory | x_refsource_REDHAT |
| 77596 | vdb-entry | x_refsource_OSVDB |
| http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | | x_refsource_CONFIRM |
| RHSA-2015:0698 | vendor-advisory | x_refsource_REDHAT |
| jasper-jpccrggetparms-bo(71701) | vdb-entry | x_refsource_XF |
| VU#887409 | third-party-advisory | x_refsource_CERT-VN |
| 50992 | vdb-entry | x_refsource_BID |
| 47193 | third-party-advisory | x_refsource_SECUNIA |
| SSA:2015-302-02 | vendor-advisory | x_refsource_SLACKWARE |