CVE-2012-3358

Publication date 18 July 2012

Last updated 24 July 2024

Ubuntu priority

Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openjpeg	12.10 quantal	Not affected
	12.04 LTS precise	Fixed 1.3+dfsg-4+squeeze1build0.12.04.1
	11.10 oneiric	Fixed 1.3+dfsg-4+squeeze1build0.11.10.1
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Fixed 1.3+dfsg-4+squeeze1build0.10.04.1
	8.04 LTS hardy	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openjpeg	Other: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=openjpeg-tile-sanity.patch;att=1;bug=681075 Other: http://code.google.com/p/openjpeg/source/detail?r=1727

CVE-2012-3358

Status

Patch details

References

Other references