CVE-2011-4517

Published: 12/15/2011; Last updated: 10/21/2024; Reserved: 11/22/2011

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

CNA assigner: certcc (37e5125f-f79b-445b-8fad-9564f167944b); Requested by: n/a

Opam packages affected (1)

grib

Products affected (1)

Product Vendor Version
n/a n/a n/a

References (38)