CVE-2012-3358: Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenJPEG

Severity: 10.0 CRITICAL (NVD)
EPSS: 5.2% (top 10.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jul 18; latest update May 13

Description

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-2m5h-fr2p-prrm: Multiple heap-based buffer overflows in the j2k_read_sot function in j2k (2022-05-13)
CVEList: CVE-2012-3358: Multiple heap-based buffer overflows in the j2k_read_sot function in j2k (2012-07-18)

📋 Vendor Advisories (1)

Red Hat: openjpeg: heap-based buffer overflow when processing JPEG2000 image files (2012-07-10)

💬 Community (2)

Bugzilla: CVE-2012-3358 openjpeg: heap-based buffer overflow when processing JPEG2000 image files [fedora-all] (2012-07-11)
Bugzilla: CVE-2012-3358 openjpeg: heap-based buffer overflow when processing JPEG2000 image files (2012-06-27)
CVE-2012-3358 — Uclouvain Openjpeg vulnerability | cvebase