ID CVE-2013-4289
Summary Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to cause an unspecified impact via unspecified vectors that trigger a heap-based buffer overflow.
References
Vulnerable Configurations
  • OpenJPEG 1.5.1
    cpe:2.3:a:openjpeg:openjpeg:1.5.1
  • OpenJPEG 1.5
    cpe:2.3:a:openjpeg:openjpeg:1.5
  • OpenJPEG 1.4
    cpe:2.3:a:openjpeg:openjpeg:1.4
  • OpenJPEG 1.3
    cpe:2.3:a:openjpeg:openjpeg:1.3
CVSS
Base: 10.0 (as of 21-04-2014 - 10:35)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_02DB20D7E34A11E3BD92BCAEC565249C.NASL
    description Openjpeg release notes report : That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 release. That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, were fixed in the 1.5.2 release.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74176
    published 2014-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74176
    title FreeBSD : openjpeg -- Multiple vulnerabilities (02db20d7-e34a-11e3-bd92-bcaec565249c)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-24 (OpenJPEG: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79977
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79977
    title GLSA-201412-24 : OpenJPEG: Multiple vulnerabilities
refmap via4
bid 62363
confirm http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS
mlist [oss-security] 20140911 [seth.arnold () canonical com: CVE Requests openjpeg]
secunia 57285
Last major update 02-01-2017 - 21:59
Published 18-04-2014 - 10:55