APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow

A heap buffer overflow vulnerability exists in Oracle Outside In, a set of libraries used to decode many file formats. The vulnerability is exposed when the product is used to handle JPEG 2000 files. Oracle Outside In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Extended Description

JasPer is prone to multiple remote heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application that uses the affected library. Failed attacks will cause denial-of-service conditions.

Affected Products

Ubuntu ubuntu_linux

Short Name
APP:ORACLE:OUTSIDE-JPEG2-CODCOC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
2000 Buffer COC COD CVE-2011-4516 Heap In JPEG Oracle Outside Overflow Parameter and bid:50992
Release Date
02/09/2012
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3716
False Positive
Unknown
Vendors

Red_hat

Symantec

Gentoo

Avaya

Oracle

Jasper

Ubuntu

Mandriva

Suse

Debian

CVSS Score

6.8
