Vulnerability CVE-2013-4289: Information

Description

Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

Severity: CRITICAL (10.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4289

Published: April 18, 2014

Modified: Sept. 9, 2020

Error type identifier: CWE-189

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libopenjpeg	p10	1.5.2-alt1	1.5.2-alt1	ALT-PU-2019-2337-1	235157	Fixed
libopenjpeg	p9	1.5.2-alt1	1.5.2-alt1	ALT-PU-2021-1097-1	264567	Fixed
libopenjpeg	c10f1	1.5.2-alt1	1.5.2-alt1	ALT-PU-2019-2337-1	235157	Fixed
libopenjpeg	c9f2	1.5.2-alt1	1.5.2-alt1	ALT-PU-2021-1197-1	264629	Fixed
libopenjpeg2.0	sisyphus	2.5.0-alt1	2.5.2-alt1	ALT-PU-2022-1865-1	299926	Fixed
libopenjpeg2.0	sisyphus_e2k	2.5.0-alt1	2.5.2-alt1	ALT-PU-2022-4997-1	-	Fixed
libopenjpeg2.0	sisyphus_riscv64	2.5.0-alt1	2.5.2-alt1	ALT-PU-2022-4954-1	-	Fixed
libopenjpeg2.0	p10	2.5.0-alt1	2.5.0-alt1	ALT-PU-2022-1892-1	300002	Fixed
libopenjpeg2.0	p10_e2k	2.5.0-alt1	2.5.0-alt1	ALT-PU-2022-4992-1	-	Fixed
libopenjpeg2.0	c10f1	2.5.0-alt1	2.5.0-alt1	ALT-PU-2022-1892-1	300002	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
57285	Vendor Advisory
http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS
[oss-security] 20140911 [seth.arnold () canonical com: CVE Requests openjpeg]
62363

Affected configurations:
1. Configuration 1
  cpe:2.3:a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*
  cpe:2.3:a:uclouvain:openjpeg:1.4:*:*:*:*:*:*:*
  cpe:2.3:a:uclouvain:openjpeg:1.5:*:*:*:*:*:*:*
  cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*
  End including
  1.5.1

Version: v24.4.2

Vulnerability CVE-2013-4289: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1