Skip to main content

OpenJPEG JPEG2000 Image Processing Buffer Overflow Vulnerability

Last Update Date: 20 Sep 2012 Release Date: 30 Aug 2012 5203 Views

RISK: Medium Risk

TYPE: Clients - Graphics & Design

TYPE: Graphics & Design

A vulnerability has been identified in OpenJPEG, which can be exploited by malicious people to potentially compromise an application using the library.

 

The vulnerability is caused due to an error when decoding images and can be exploited to cause a heap-based buffer overflow via a specially crafted file.

 

Successful exploitation may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • OpenJPEG versions 1.5.0 and before

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (1.5.1).

Vulnerability Identifier


Source


Related Link