CVE-2009-5030

Priority
Medium
Description
The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows
remote attackers to cause a denial of service (memory corruption) and
possibly execute arbitrary code via crafted tile information in a Gray16
TIFF image, which causes insufficient memory to be allocated and leads to
an "invalid free."
References
Bugs
Package
Upstream:released (1.3+dfsg-4.1)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (1.3+dfsg-4+squeeze1build0.10.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (1.3+dfsg-4+squeeze1build0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.3+dfsg-4+squeeze1build0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.3+dfsg-4.3)
Ubuntu 13.04 (Raring Ringtail):not-affected (1.3+dfsg-4.3)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-04-01 21:14:28 UTC (commit 6669)