CVE-2014-0158 — Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenJPEG
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer
10 documents, 5 sources
Severity
8.8 HIGH (NVD)
5.0 (CNA)
EPSS
0.5%
top 34.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 10
Latest update: May 13
Description
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details: 2
Community: 5
Bugzilla: CVE-2014-0158 openjpeg: Heap-based buffer overflow in JPEG2000 image tile decoder [fedora-all] (2014-04-01)
Bugzilla: CVE-2014-0158 mingw-openjpeg: openjpeg: Heap-based buffer overflow in JPEG2000 image tile decoder [fedora-all] (2014-04-01)
Bugzilla: CVE-2014-0158 openjpeg: Heap-based buffer overflow in JPEG2000 image tile decoder [epel-5] (2014-04-01)
Bugzilla: CVE-2014-0154 ovirt-engine-webadmin: HttpOnly flag is not included when the session ID is set (2014-03-28)