CVE-2011-4517
published 2011-12-15CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | >= 0 < 8.64~dfsg-2 | 8.64~dfsg-2 |
| artifex | ghostscript | >= 0 < 8.64~dfsg-2 | 8.64~dfsg-2 |
| artifex | ghostscript | >= 0 < 8.64~dfsg-2 | 8.64~dfsg-2 |
| artifex | ghostscript | >= 0 < 8.64~dfsg-2 | 8.64~dfsg-2 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | ghostscript | < ghostscript 8.64~dfsg-2 (bookworm) | ghostscript 8.64~dfsg-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| jasper_project | jasper | — | — |
| oracle | outside_in_technology | — | — |
| oracle | outside_in_technology | — | — |
| redhat | enterprise_linux_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM