CVE-2011-4516
Severity
6.8MEDIUM
EPSS
47.8%
top 2.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 15
Latest updateMay 17
Description
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4
Affected Packages6 packages
Also affects: Debian Linux 6.0, Fedora 15, 16, Ubuntu Linux 10.04, 10.10, 11.04, 11.10
🔴Vulnerability Details
3GHSA▶
GHSA-v5vh-4qg5-mqc3: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs↗2022-05-17
CVEList▶
CVE-2011-4516: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs↗2011-12-15
OSV▶
CVE-2011-4516: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs↗2011-12-15
📋Vendor Advisories
5💬Community
6Bugzilla▶
CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [epel-4]↗2011-12-09
Bugzilla▶
CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [fedora-all]↗2011-12-09
Bugzilla▶
CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [epel-5]↗2011-12-09
Bugzilla▶
CVE-2011-4516 CVE-2011-4517 mingw32-jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [fedora-all]↗2011-12-09
Bugzilla▶
CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [epel-5]↗2011-12-09