APP: Oracle Outside In JPEG 2000 CRG Segment Processing Heap Buffer Overflow

A heap buffer overflow vulnerability exists in Oracle Outside-In, a set of libraries used to decode many file formats. The flaw is in the handling of CRG marker segments in JPEG 2000 files. Oracle Outside-In is embedded in many enterprise applications. The vulnerability can be exploited by causing an application that uses the vulnerable library to process a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Extended Description

JasPer is prone to multiple remote heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application that uses the affected library. Failed attacks will cause denial-of-service conditions.

Affected Products

Ubuntu ubuntu_linux

Short Name: APP:ORACLE:OUTSIDE-JPEG2-CRG
Severity: Major
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: 2000 Buffer CRG CVE-2011-4517 Heap In JPEG Oracle Outside Overflow Processing Segment bid:50992
Release Date: 02/09/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3717
False Positive: Unknown
Vendors

Red_hat

Symantec

Gentoo

Avaya

Oracle

Jasper

Ubuntu

Mandriva

Suse

Debian

CVSS Score

6.8
