6.8
CVE-2011-4516
- EPSS 10.62%
- Veröffentlicht 15.12.2011 03:57:34
- Zuletzt bearbeitet 16.06.2026 23:34:58
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jasper Project ≫ Jasper Version1.900.1
Oracle ≫ Outside In Technology Version8.3.5
Oracle ≫ Outside In Technology Version8.3.7
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Debian ≫ Debian Linux Version6.0
Fedoraproject ≫ Fedora Version15
Fedoraproject ≫ Fedora Version16
Suse ≫ Linux Enterprise Desktop Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.62% | 0.952 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www-01.ibm.com/support/docview.wss?uid=swg21660640
http://www.redhat.com/support/errata/RHSA-2011-1811.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html
http://osvdb.org/77595
http://secunia.com/advisories/47193
http://secunia.com/advisories/47306
http://secunia.com/advisories/47353
http://www.debian.org/security/2011/dsa-2371
http://www.kb.cert.org/vuls/id/887409
http://www.redhat.com/support/errata/RHSA-2011-1807.html
http://www.securityfocus.com/bid/50992
http://www.ubuntu.com/usn/USN-1315-1
https://bugzilla.redhat.com/show_bug.cgi?id=747726