CVE-2013-6052
openjpeg: out-of-bounds memory read flaws
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
OpenJPEG 1.3 y anteriores versiones permite a atacantes remotos obtener información sensible a través de vectores sin especificar.
OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-10-08 CVE Reserved
- 2013-12-04 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS | X_refsource_confirm | |
| http://seclists.org/oss-sec/2013/q4/412 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1850.html | 2020-09-09 | |
| http://www.debian.org/security/2013/dsa-2808 | 2020-09-09 | |
| https://access.redhat.com/security/cve/CVE-2013-6052 | 2013-12-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1036491 | 2013-12-17 |