Vulnerability Details : CVE-2012-3358
Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-3358
Probability of exploitation activity in the next 30 days: 9.82%
Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
CVSS scores for CVE-2012-3358
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2012-3358
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3358
- http://www.securityfocus.com/bid/54373
  OpenJPEG Heap Based Buffer Overflow Vulnerability
- http://code.google.com/p/openjpeg/source/detail?r=1727
  Google Code Archive - Long-term storage for Google Code Project Hosting.
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:104
  mandriva.com
- http://www.openwall.com/lists/oss-security/2012/07/11/1
  oss-security - Openjpeg: heap-buffer overflow when processing JPEG2000 image files
- http://rhn.redhat.com/errata/RHSA-2012-1068.html
  RHSA-2012:1068 - Security Advisory - Red Hat Customer Portal
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76850
  OpenJPEG JPEG 2000 buffer overflow CVE-2012-3358 Vulnerability Report
Products affected by CVE-2012-3358
- cpe:2.3:a:uclouvain:openjpeg:1.5:*:*:*:*:*:*:*