CVE-2012-3535Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
4.6%
top 10.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Uclouvain Openjpeg
Timeline
PublishedSep 5
Latest updateMay 13

Description

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cfh8-rvcx-v326: Heap-based buffer overflow in OpenJPEG 12022-05-13
CVEList
CVE-2012-3535: Heap-based buffer overflow in OpenJPEG 12012-09-05

📋Vendor Advisories

1
Red Hat
openjpeg: heap-based buffer overflow when decoding jpeg2000 files2012-08-27

💬Community

2
Bugzilla
CVE-2012-3535 openjpeg: heap-based buffer overflow when decoding jpeg2000 files [fedora-all]2012-08-27
Bugzilla
CVE-2012-3535 openjpeg: heap-based buffer overflow when decoding jpeg2000 files2012-07-24
CVE-2012-3535 — Uclouvain Openjpeg vulnerability | cvebase