1. CVE-Search
  2. CVE-2011-4516
ID CVE-2011-4516
Summary Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
References
Vulnerable Configurations
  • cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
    cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
  • cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 20-12-2023 - 18:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2011:1807
  • rhsa
    id RHSA-2011:1811
  • rhsa
    id RHSA-2015:0698
rpms
  • jasper-0:1.900.1-15.el6_1.1
  • jasper-debuginfo-0:1.900.1-15.el6_1.1
  • jasper-devel-0:1.900.1-15.el6_1.1
  • jasper-libs-0:1.900.1-15.el6_1.1
  • jasper-utils-0:1.900.1-15.el6_1.1
  • netpbm-0:10.35.58-8.el4
  • netpbm-0:10.35.58-8.el5_7.3
  • netpbm-debuginfo-0:10.35.58-8.el4
  • netpbm-debuginfo-0:10.35.58-8.el5_7.3
  • netpbm-devel-0:10.35.58-8.el4
  • netpbm-devel-0:10.35.58-8.el5_7.3
  • netpbm-progs-0:10.35.58-8.el4
  • netpbm-progs-0:10.35.58-8.el5_7.3
  • rhevm-spice-client-x64-cab-0:3.5-3.el6
  • rhevm-spice-client-x64-msi-0:3.5-3.el6
  • rhevm-spice-client-x86-cab-0:3.5-3.el6
  • rhevm-spice-client-x86-msi-0:3.5-3.el6
refmap via4
bid 50992
cert-vn VU#887409
confirm
debian DSA-2371
fedora
  • FEDORA-2011-16955
  • FEDORA-2011-16966
osvdb 77595
secunia
  • 47193
  • 47306
  • 47353
slackware SSA:2015-302-02
suse openSUSE-SU-2011:1317
ubuntu USN-1315-1
Last major update 20-12-2023 - 18:29
Published 15-12-2011 - 03:57
Last modified 20-12-2023 - 18:29
Back to Top