CVE-2013-4290Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
1.4%
top 19.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Uclouvain Openjpeg
Timeline
PublishedApr 18
Latest updateMay 13

Description

Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDuclouvain/openjpeg1.5.1+3

🔴Vulnerability Details

2
GHSA
GHSA-ff98-3h3f-32fc: Stack-based buffer overflow in OpenJPEG before 12022-05-13
CVEList
CVE-2013-4290: Stack-based buffer overflow in OpenJPEG before 12014-04-18

📋Vendor Advisories

1
Red Hat
openjpeg: multiple stack-based buffer overflows2013-09-11

💬Community

1
Bugzilla
CVE-2013-4290 openjpeg: multiple stack-based buffer overflows2013-09-12
CVE-2013-4290 — Uclouvain Openjpeg vulnerability | cvebase