CVE-2013-6052 — Sensitive Information Exposure in Openjpeg

CWE-200 — Sensitive Information Exposure9 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 37.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclouvain Openjpeg

Timeline

PublishedDec 12

Latest updateMay 13

Description

OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Ubuntuuclouvain/openjpeg< 1.3+dfsg-4.7ubuntu1

▶NVDuclouvain/openjpeg1.3

🔴Vulnerability Details

GHSA

GHSA-mvf2-ccrq-36pg: OpenJPEG 1↗2022-05-13

▶

CVEList

CVE-2013-6052: OpenJPEG 1↗2013-12-12

▶

OSV

CVE-2013-6052: OpenJPEG 1↗2013-12-12

▶

📋Vendor Advisories

Red Hat

openjpeg: out-of-bounds memory read flaws↗2013-12-04

▶

💬Community

Bugzilla

CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 mingw-openjpeg: various flaws [fedora-all]↗2013-12-05

▶

Bugzilla

CVE-2013-6054 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 openjpeg: various flaws [epel-5]↗2013-12-05

▶

Bugzilla

CVE-2013-6887 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 openjpeg: various flaws [fedora-all]↗2013-12-05

▶

Bugzilla

CVE-2013-6052 openjpeg: out-of-bounds memory read flaws↗2013-12-02

▶