CVE-2009-5030Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
4.5%
top 10.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Uclouvain Openjpeg
Timeline
PublishedJul 18
Latest updateMay 2

Description

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDuclouvain/openjpeg1.3, 1.4, 1.5+2

Patches

Patch: code.google.comPatch: code.google.com

🔴Vulnerability Details

2
GHSA
GHSA-5f2v-78x3-pvgj: The tcd_free_encode function in tcd2022-05-02
CVEList
CVE-2009-5030: The tcd_free_encode function in tcd2012-07-18

📋Vendor Advisories

1
Red Hat
openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images2009-07-31

💬Community

1
Bugzilla
CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images2012-04-13
CVE-2009-5030 — Uclouvain Openjpeg vulnerability | cvebase