CVE-2013-6045Improper Restriction of Operations within the Bounds of a Memory Buffer in Openjpeg

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow14 documents6 sources
Severity
7.5HIGHNVD
EPSS
7.8%
top 7.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Uclouvain Openjpeg
Timeline
PublishedDec 12
Latest updateMay 13

Description

Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Ubuntuuclouvain/openjpeg< 1.3+dfsg-4.7ubuntu1

🔴Vulnerability Details

3
GHSA
GHSA-9mx7-7pm8-8px9: Multiple heap-based buffer overflows in OpenJPEG 12022-05-13
CVEList
CVE-2013-6045: Multiple heap-based buffer overflows in OpenJPEG 12013-12-12
OSV
CVE-2013-6045: Multiple heap-based buffer overflows in OpenJPEG 12013-12-12

📋Vendor Advisories

3
Red Hat
openjpeg: incorrect fix for CVE-2013-60452016-09-26
Red Hat
openjpeg: heap-based buffer overflows2013-12-04
Red Hat
openjpeg: heap-based buffer overflows in version 1.32013-12-04

💬Community

7
Bugzilla
mingw-openjpeg: openjpeg: incorrect fix for CVE-2013-6045 [fedora-all]2016-10-06
Bugzilla
CVE-2016-9675 openjpeg: incorrect fix for CVE-2013-60452016-10-06
Bugzilla
openjpeg: incorrect fix for CVE-2013-6045 [epel-5]2016-10-06
Bugzilla
CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 mingw-openjpeg: various flaws [fedora-all]2013-12-05
Bugzilla
CVE-2013-6054 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 openjpeg: various flaws [epel-5]2013-12-05
CVE-2013-6045 — Uclouvain Openjpeg vulnerability | cvebase