SB2012073002 - Amazon Linux AMI update for openjpeg

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2012073002

SB2012073002 - Amazon Linux AMI update for openjpeg

Published: July 30, 2012

Security Bulletin ID SB2012073002
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2009-5030)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free."


2) Buffer overflow (CVE-ID: CVE-2012-3358)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.


Remediation

Install update from vendor's website.

References