Vulnerability CVE-2013-4289

Vulnerability Name:

CVE-2013-4289 (CCN-87074)

Assigned:

2013-09-11

Published:

2013-09-11

Updated:

2020-09-09

Summary:

Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-4289

Source: CONFIRM
Type: UNKNOWN
http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS

Source: CCN
Type: oss-sec mailing list, Wed, 11 Sep 2013 19:19:50 -0700
[seth.arnold () canonical com: CVE Requests openjpeg]

Source: MLIST
Type: UNKNOWN
[oss-security] 20140911 [seth.arnold () canonical com: CVE Requests openjpeg]

Source: CCN
Type: SA57285
OpenJPEG Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
57285

Source: CCN
Type: OpenJPEG Web site
OpenJPEG

Source: BID
Type: UNKNOWN
62363

Source: CCN
Type: BID-62363
OpenJPEG CVE-2013-4289 Multiple Heap Buffer Overflow Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 1007531
CVE-2013-4289 openjpeg: multiple heap-based buffer overflows

Source: XF
Type: UNKNOWN
openjpeg-cve20134289-bo(87074)

Vulnerable Configuration:

Configuration 1:

cpe:/a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*

OR cpe:/a:uclouvain:openjpeg:1.4:*:*:*:*:*:*:*

OR cpe:/a:uclouvain:openjpeg:1.5:*:*:*:*:*:*:*

OR cpe:/a:uclouvain:openjpeg:*:*:*:*:*:*:*:* (Version <= 1.5.1)

Configuration CCN 1:

cpe:/a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134289	V	CVE-2013-4289	2023-06-22
oval:org.opensuse.security:def:7952	P	libopenjpeg1-1.5.2-150000.4.10.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:790	P	Security update for cosign (Important)	2022-10-01
oval:org.opensuse.security:def:679	P	Security update for buildah (Moderate)	2022-08-05
oval:org.opensuse.security:def:3331	P	perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94961	P	libopenjpeg1-1.5.2-150000.4.5.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1371	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:1243	P	Security update for the Linux Kernel (Important)	2022-03-08
oval:org.opensuse.security:def:1599	P	Security update for the Linux Kernel (Important)	2022-02-02
oval:org.opensuse.security:def:1715	P	Security update for nodejs12 (Moderate)	2022-01-18
oval:org.opensuse.security:def:112738	P	libopenjpeg1-1.5.2-4.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1126	P	Security update for glibc (Moderate)	2021-12-08
oval:org.opensuse.security:def:49456	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:106210	P	libopenjpeg1-1.5.2-4.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1482	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:71277	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71164	P	cups-filters-1.20.3-1.12 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64577	P	Security update for xen (Moderate)	2021-09-18
oval:org.opensuse.security:def:47901	P	tar-1.27.1-15.3.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47447	P	mozilla-nspr-32bit-4.13.1-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47200	P	apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48199	P	libsrtp1-1.5.2-3.2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47772	P	libpython2_7-1_0-2.7.13-28.11.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47215	P	bind-9.9.9P1-62.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48326	P	tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48012	P	g3utils-1.1.36-58.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47529	P	xdg-utils-20140630-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47311	P	libXRes1-1.0.7-3.53 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48310	P	squid-4.8-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47753	P	libopenssl-1_0_0-devel-1.0.2p-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47326	P	libXvnc1-1.6.0-18.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48115	P	libgcrypt20-1.6.1-16.68.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47640	P	gvim-7.4.326-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47201	P	apache-commons-daemon-1.0.15-6.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48261	P	pcsc-ccid-1.4.25-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47864	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47336	P	libcares2-1.9.1-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48357	P	zsh-5.0.5-6.7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48226	P	libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47661	P	lftp-4.7.4-3.3.20 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47312	P	libXcursor1-1.1.14-3.59 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:62804	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101210	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1015	P	java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100783	P	apr-util-devel-1.6.1-16.43 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72523	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:48468	P	libXi6-1.7.4-9.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48428	P	glib2-lang-2.48.2-10.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48437	P	grub2-2.02~beta2-104.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48539	P	libpoppler44-0.24.4-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48372	P	at-3.1.14-7.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64490	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:66750	P	Security update for libdwarf (Low)	2021-04-22
oval:org.opensuse.security:def:70001	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:117007	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72179	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62460	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89921	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72290	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103576	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62571	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94070	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72407	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107449	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62688	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49567	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73323	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67924	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49402	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49684	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66658	P	yast2-buildtools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70106	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73441	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49513	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67824	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49630	P	gnome-desktop-lang on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20134289000	V	CVE-2013-4289 on Ubuntu 12.04 LTS (precise) - medium.	2014-04-18
oval:com.ubuntu.xenial:def:201342890000000	V	CVE-2013-4289 on Ubuntu 16.04 LTS (xenial) - medium.	2014-04-18
oval:com.ubuntu.trusty:def:20134289000	V	CVE-2013-4289 on Ubuntu 14.04 LTS (trusty) - medium.	2014-04-18
oval:com.ubuntu.xenial:def:20134289000	V	CVE-2013-4289 on Ubuntu 16.04 LTS (xenial) - medium.	2014-04-18

BACK