CVE-2011-4517

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow16 documents9 sources

Severity

6.8MEDIUM

EPSS

42.1%

top 2.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Debian Debian Linux Fedoraproject Fedora +6 more

Timeline

PublishedDec 15

Latest updateMay 17

Description

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages7 packages

▶NVDjasper_project/jasper1.900.1

▶Debianghostscript< 8.64~dfsg-2+3

▶NVDoracle/outside_in_technology8.3.5, 8.3.7+1

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

Also affects: Debian Linux 6.0, Fedora 15, 16, Ubuntu Linux 10.04, 10.10, 11.04, 11.10

🔴Vulnerability Details

GHSA

GHSA-fh37-rq45-7gc5: The jpc_crg_getparms function in libjasper/jpc/jpc_cs↗2022-05-17

▶

OSV

CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs↗2011-12-15

▶

CVEList

CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs↗2011-12-15

▶

💥Exploits & PoCs

Exploit-DB

Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure↗2011-11-07

▶

📋Vendor Advisories

Red Hat

jasper: insufficient memory allocation in jpc_crg_getparms() (rejected duplicate of CVE-2011-4517)↗2016-10-17

▶

Ubuntu

Ghostscript vulnerabilities↗2012-01-04

▶

Ubuntu

JasPer vulnerabilities↗2011-12-20

▶

Red Hat

jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)↗2011-12-08

▶

Debian

CVE-2011-4517: ghostscript - The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses a...↗2011

▶

💬Community

Bugzilla

CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [epel-4]↗2011-12-09

▶

Bugzilla

CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [fedora-all]↗2011-12-09

▶

Bugzilla

CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [epel-5]↗2011-12-09

▶

Bugzilla

CVE-2011-4516 CVE-2011-4517 mingw32-jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [fedora-all]↗2011-12-09

▶

Bugzilla

CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) [epel-5]↗2011-12-09

▶