Executive Summary

Informations
Name CVE-2012-3358 First vendor Publication 2012-07-18
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21505
 
Oval ID: oval:org.mitre.oval:def:21505
Title: RHSA-2012:1068: openjpeg security update (Important)
Description: Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
Family: unix Class: patch
Reference(s): RHSA-2012:1068-01
CESA-2012:1068
CVE-2009-5030
CVE-2012-3358
 Version: 29
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): openjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23900
 
Oval ID: oval:org.mitre.oval:def:23900
Title: ELSA-2012:1068: openjpeg security update (Important)
Description: Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.
Family: unix Class: patch
Reference(s): ELSA-2012:1068-01
CVE-2009-5030
CVE-2012-3358
 Version: 13
Platform(s): Oracle Linux 6
 Product(s): openjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27724
 
Oval ID: oval:org.mitre.oval:def:27724
Title: DEPRECATED: ELSA-2012-1068 -- openjpeg security update (important)
Description: [1.3-8] - Apply patches for CVE-2009-5030, CVE-2012-3358 Resolves: #831561 - Include -DCMAKE_INSTALL_LIBDIR in cmake call; fixes FTBFS with recent versions of cmake
Family: unix Class: patch
Reference(s): ELSA-2012-1068
CVE-2009-5030
CVE-2012-3358
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): openjpeg
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for openjpeg CESA-2012:1068 centos6
File : nvt/gb_CESA-2012_1068_openjpeg_centos6.nasl
2012-07-16 Name : RedHat Update for openjpeg RHSA-2012:1068-01
File : nvt/gb_RHSA-2012_1068-01_openjpeg.nasl
2012-07-16 Name : Mandriva Update for openjpeg MDVSA-2012:104 (openjpeg)
File : nvt/gb_mandriva_MDVSA_2012_104.nasl

Nessus® Vulnerability Scanner

Date Description
2014-05-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_02db20d7e34a11e3bd92bcaec565249c.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-07.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-111.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-8953.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1068.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-110.nasl - Type : ACT_GATHER_INFO
2013-02-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2629.nasl - Type : ACT_GATHER_INFO
2012-08-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-104.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120711_openjpeg_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1068.nasl - Type : ACT_GATHER_INFO
2012-07-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1068.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://code.google.com/p/openjpeg/source/detail?r=1727
http://osvdb.org/83741
http://rhn.redhat.com/errata/RHSA-2012-1068.html
http://secunia.com/advisories/49913
http://www.mandriva.com/security/advisories?name=MDVSA-2012:104
http://www.openwall.com/lists/oss-security/2012/07/11/1
http://www.securityfocus.com/bid/54373
https://exchange.xforce.ibmcloud.com/vulnerabilities/76850
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2024-11-28 23:01:02
  • Multiple Updates
2024-11-28 12:30:39
  • Multiple Updates
2023-02-13 09:28:41
  • Multiple Updates
2023-02-02 21:28:43
  • Multiple Updates
2021-05-04 12:20:49
  • Multiple Updates
2021-04-22 01:24:50
  • Multiple Updates
2020-09-10 00:22:41
  • Multiple Updates
2020-05-23 00:34:08
  • Multiple Updates
2017-08-29 09:23:55
  • Multiple Updates
2016-06-28 19:12:35
  • Multiple Updates
2016-04-26 22:03:22
  • Multiple Updates
2014-05-27 13:23:10
  • Multiple Updates
2014-02-17 11:11:28
  • Multiple Updates
2013-05-10 22:42:00
  • Multiple Updates