Short Name | APP:ORACLE:OUTSIDE-JPEG2-CRG
Severity | Major
Recommended | No
Recommended Action | Drop
Category | APP
Keywords | Oracle Outside In JPEG 2000 CRG Segment Processing Heap Buffer Overflow
Release Date | 2012/02/09
Update Number | 2079
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
APP: Oracle Outside In JPEG 2000 CRG Segment Processing Heap Buffer Overflow
A heap buffer overflow vulnerability exists in Oracle Outside-In, a set of libraries used to decode many file formats. The vulnerability exists when handling the CRG marker segments in JPEG 2000 files. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.
Extended Description
JasPer is prone to multiple remote heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage these issues to execute arbitrary code in the context of the application that uses the affected library. Failed attacks will cause denial-of-service conditions.
Affected Products
- Avaya aura_experience_portal 6.0
- Debian linux 6.0 amd64
- Debian linux 6.0 arm
- Debian linux 6.0 ia-32
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Debian linux 6.0 powerpc
- Debian linux 6.0 s/390
- Debian linux 6.0 sparc
- Gentoo linux
- Jasper jasper 1.701
- Jasper jasper 1.900
- Jasper jasper 1.900.1
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2010.1
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2011
- Mandriva linux_mandrake 2011 x86_64
- Oracle enterprise_linux 4
- Oracle enterprise_linux 5
- Oracle enterprise_linux 6
- Oracle enterprise_linux 6.2
- Oracle outside_in 8.3.5.0
- Oracle outside_in 8.3.7
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux Desktop Version 4
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop 6
- Red_hat enterprise_linux_desktop_optional 6
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_hpc_node 6
- Red_hat enterprise_linux_hpc_node_optional 6
- Red_hat enterprise_linux_server 6
- Red_hat enterprise_linux_server_optional 6
- Red_hat enterprise_linux_workstation 6
- Red_hat enterprise_linux_workstation_optional 6
- Red_hat enterprise_linux_ws 4
- Red_hat fedora 15
- Red_hat fedora 16
- Suse opensuse 11.3
- Suse opensuse 11.4
- Suse suse_linux_enterprise_desktop 11 SP1
- Suse suse_linux_enterprise_sdk 11 SP1
- Suse suse_linux_enterprise_server 11 SP1
- Suse suse_linux_enterprise_server_for_vmware 11 SP1
- Symantec enterprise_vault 10.0
- Symantec enterprise_vault 9.0
- Symantec enterprise_vault 9.0.1
- Symantec enterprise_vault 9.0.2
- Ubuntu ubuntu_linux 10.04 Amd64
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.10 ARM
- Ubuntu ubuntu_linux 10.10 i386
- Ubuntu ubuntu_linux 10.10 powerpc
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Ubuntu ubuntu_linux 11.04 powerpc
- Ubuntu ubuntu_linux 11.10 amd64
- Ubuntu ubuntu_linux 11.10 i386
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc