CVE-2012-1499Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-172Encoding ErrorCWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
9.3CRITICALNVD
EPSS
3.8%
top 11.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Uclouvain Openjpeg
Timeline
PublishedApr 11
Latest updateMay 13

Description

The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jw58-44xh-h2cf: The JPEG 2000 codec (jp22022-05-13
CVEList
CVE-2012-1499: The JPEG 2000 codec (jp22012-04-11

📋Vendor Advisories

2
Red Hat
openjpeg: Out-of heap-based buffer write by processing palette information in certain JPEG 2000 images2012-03-20
Red Hat
xchat: Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP2012-01-17

💬Community

1
Bugzilla
CVE-2012-1499 openjpeg: Out-of heap-based buffer write by processing palette information in certain JPEG 2000 images2012-03-22
CVE-2012-1499 — Uclouvain Openjpeg vulnerability | cvebase