Main Vulnerability Database Vulnerabilities #VU41787

Input validation error in OpenJPEG - CVE-2013-4289

Published: April 18, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41787

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2013-4289

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: openjpeg.org

Affected software:
OpenJPEG

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

How to mitigate CVE-2013-4289

Install update from vendor's website.

Sources

http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS
http://seclists.org/oss-sec/2013/q3/593
http://secunia.com/advisories/57285
http://www.securityfocus.com/bid/62363

Input validation error in OpenJPEG - CVE-2013-4289

Detailed vulnerability description

How to mitigate CVE-2013-4289

Sources

Please verify you're human