Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
History
20 Dec 2023, 18:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* | |
First Time | Suse linux Enterprise Server Fedoraproject Debian Suse linux Enterprise Desktop Fedoraproject fedora Debian debian Linux Oracle outside In Technology Canonical Canonical ubuntu Linux Suse linux Enterprise Software Development Kit Oracle Suse | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - Third Party Advisory | |
References | (OSVDB) http://osvdb.org/77595 - Broken Link | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0698.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/47306 - Not Applicable | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1811.html - Not Applicable, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1807.html - Not Applicable | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=747726 - Issue Tracking | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://www-01.ibm.com/support/docview.wss?uid=swg21660640 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/50992 - Third Party Advisory, VDB Entry | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/887409 - Third Party Advisory, US Government Resource | |
References | (SECUNIA) http://secunia.com/advisories/47353 - Not Applicable | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/47193 - Not Applicable | |
References | (SLACKWARE) http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 - Release Notes | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1315-1 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2371 - Third Party Advisory | |
CWE | CWE-787 |
Information
Published : 2011-12-15 03:57
Updated : 2023-12-20 18:29
NVD link : CVE-2011-4516
Mitre link : CVE-2011-4516
Products Affected
debian
- debian_linux
fedoraproject
- fedora
canonical
- ubuntu_linux
jasper_project
- jasper
oracle
- outside_in_technology
suse
- linux_enterprise_server
- linux_enterprise_software_development_kit
- linux_enterprise_desktop
CWE
CWE-787
Out-of-bounds Write