CVE-2013-4289
Gentoo Linux Security Advisory 201412-24
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.
Múltiples desbordamientos de entero en lib/openjp3d/jp3d.c en OpenJPEG en versiones anteriores a 1.5.2 permiten a atacantes remotos tener impacto y vectores no especificados, lo que desencadena un desbordamiento de búfer basado en memoria dinámica.
Multiple vulnerabilities have been found in OpenJPEG, the worst of which may result in execution of arbitrary code. Versions less than 1.5.2 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2014-04-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS | X_refsource_confirm | |
| http://seclists.org/oss-sec/2013/q3/593 | Mailing List |
|
| http://www.securityfocus.com/bid/62363 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/57285 | 2020-09-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | <= 1.5.1 Search vendor "Uclouvain" for product "Openjpeg" and version " <= 1.5.1" | - |
Affected
| ||||||
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | 1.3 Search vendor "Uclouvain" for product "Openjpeg" and version "1.3" | - |
Affected
| ||||||
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | 1.4 Search vendor "Uclouvain" for product "Openjpeg" and version "1.4" | - |
Affected
| ||||||
| Uclouvain Search vendor "Uclouvain" | Openjpeg Search vendor "Uclouvain" for product "Openjpeg" | 1.5 Search vendor "Uclouvain" for product "Openjpeg" and version "1.5" | - |
Affected
| ||||||