FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3535

This CVE name corresponds to:

Entered Topic
2014-05-24 openjpeg -- Multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-3535
Phase Assigned(20120614)

Description

Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.

References

Source Reference
MLIST [oss-security] 20120827 CVE Request: Heap-based buffer overflow in openjpeg
MLIST [oss-security] 20120827 Re: CVE Request: Heap-based buffer overflow in openjpeg
MISC http://code.google.com/p/openjpeg/issues/detail?id=170
MISC https://bugzilla.redhat.com/show_bug.cgi?id=842918
FEDORA FEDORA-2012-14664
FEDORA FEDORA-2012-14707
MANDRIVA MDVSA-2012:157
REDHAT RHSA-2012:1283
BID 55214
OSVDB 84978
SECUNIA 50360
SECUNIA 50681
XF openjpeg-files-bo(77994)