Candidate: CVE-2012-3358
PublicDate: 2012-07-18 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358
 http://www.openwall.com/lists/oss-security/2012/07/11/1
Description:
 Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c
 in OpenJPEG 1.5 allow remote attackers to cause a denial of service
 (application crash) and possibly execute arbitrary code via a crafted (1)
 tile number or (2) tile length in a JPEG 2000 image file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681075
 https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/1023259
 https://bugzilla.redhat.com/show_bug.cgi?id=835767
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_openjpeg:
 other: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=openjpeg-tile-sanity.patch;att=1;bug=681075
 other: http://code.google.com/p/openjpeg/source/detail?r=1727
upstream_openjpeg: released (1.3+dfsg-4.4)
hardy_openjpeg: DNE
lucid_openjpeg: released (1.3+dfsg-4+squeeze1build0.10.04.1)
natty_openjpeg: ignored (reached end-of-life)
oneiric_openjpeg: released (1.3+dfsg-4+squeeze1build0.11.10.1)
precise_openjpeg: released (1.3+dfsg-4+squeeze1build0.12.04.1)
quantal_openjpeg: not-affected (1.3+dfsg-4.5)
devel_openjpeg: not-affected (1.3+dfsg-4.5)