CVE-2013-6053
Gentoo Linux Security Advisory 201412-24
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
OpenJPEG 1.5.1 permite a atacantes remotos obtener información sensible a través de vectores no especificados que provocan una lectura basada en memoria dinámica fuera de rango.
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash. .
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-10-08 CVE Reserved
- 2014-01-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/412 | Mailing List |
|
| http://www.securityfocus.com/bid/64121 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1036493 | X_refsource_misc | |
| https://code.google.com/p/openjpeg/issues/detail?id=297 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS | 2020-09-09 |