OpenJPEG Heap Based Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/54373

Security Info

Bugtraq ID:	54373
Class:	Boundary Condition Error
CVE:	CVE-2012-3358
Remote:	Yes
Local:	No
Published:	Jul 11 2012 12:00AM
Updated:	Jul 11 2012 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	OpenJPEG OpenJPEG 1.5 OpenJPEG OpenJPEG 1.4

Not Vulnerable:

Security Discussion

OpenJPEG is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OpenJPEG versions 1.4 and 1.5 are vulnerable.

Proof of Concept and Security Exploits

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Vendor updates are available. Please see the references for more information.

Security References(s)

References:

OpenJPEG Homepage (OpenJPEG)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services