Vulnerability Name: CVE-2013-6053 (CCN-89845)

Assigned: 2013-12-14
Published: 2013-12-14
Updated: 2020-09-09
Summary: OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2013-6053

Source: CONFIRM
Type: Vendor Advisory
http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS

Source: MLIST
Type: UNKNOWN
[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg

Source: CCN
Type: SA57285
OpenJPEG Multiple Vulnerabilities

Source: CCN
Type: OpenJPEG Web site
OpenJPEG library : an open source JPEG 2000 codec

Source: BID
Type: UNKNOWN
64121

Source: CCN
Type: BID-64121
OpenJPEG CVE-2013-6053 Multiple Out of Bounds Memory Corruption Vulnerabilities

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1036493

Source: CCN
Type: Red Hat Bugzilla Bug 1036493
(CVE-2013-6053) CVE-2013-6053 openjpeg: out-of-bounds memory read flaws in version 1.5.1

Source: CONFIRM
Type: UNKNOWN
https://code.google.com/p/openjpeg/issues/detail?id=297

Source: XF
Type: UNKNOWN
openjpeg-cve20136053-dos(89845)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6053

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20136053 | V | CVE-2013-6053 | 2023-06-22
oval:org.opensuse.security:def:7952 | P | libopenjpeg1-1.5.2-150000.4.10.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:790 | P | Security update for cosign (Important) | 2022-10-01
oval:org.opensuse.security:def:679 | P | Security update for buildah (Moderate) | 2022-08-05
oval:org.opensuse.security:def:3331 | P | perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94961 | P | libopenjpeg1-1.5.2-150000.4.5.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:1371 | P | Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important) | 2022-06-06
oval:org.opensuse.security:def:1243 | P | Security update for the Linux Kernel (Important) | 2022-03-08
oval:org.opensuse.security:def:1599 | P | Security update for the Linux Kernel (Important) | 2022-02-02
oval:org.opensuse.security:def:1715 | P | Security update for nodejs12 (Moderate) | 2022-01-18
oval:org.opensuse.security:def:112738 | P | libopenjpeg1-1.5.2-4.7 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:1126 | P | Security update for glibc (Moderate) | 2021-12-08
oval:org.opensuse.security:def:49456 | P | Security update for php72 (Moderate) | 2021-11-19
oval:org.opensuse.security:def:106210 | P | libopenjpeg1-1.5.2-4.7 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:1482 | P | Security update for ffmpeg (Important) | 2021-09-23
oval:org.opensuse.security:def:71277 | P | liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71164 | P | cups-filters-1.20.3-1.12 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:64577 | P | Security update for xen (Moderate) | 2021-09-18
oval:org.opensuse.security:def:47901 | P | tar-1.27.1-15.3.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47447 | P | mozilla-nspr-32bit-4.13.1-18.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47200 | P | apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48199 | P | libsrtp1-1.5.2-3.2.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47772 | P | libpython2_7-1_0-2.7.13-28.11.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47215 | P | bind-9.9.9P1-62.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48326 | P | tpm2.0-tools-3.1.4-1.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48012 | P | g3utils-1.1.36-58.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47529 | P | xdg-utils-20140630-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47311 | P | libXRes1-1.0.7-3.53 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48310 | P | squid-4.8-2.17 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47753 | P | libopenssl-1_0_0-devel-1.0.2p-2.11 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47326 | P | libXvnc1-1.6.0-18.11.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48115 | P | libgcrypt20-1.6.1-16.68.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47640 | P | gvim-7.4.326-16.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47201 | P | apache-commons-daemon-1.0.15-6.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48261 | P | pcsc-ccid-1.4.25-4.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47864 | P | python-cupshelpers-1.5.7-7.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47336 | P | libcares2-1.9.1-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48357 | P | zsh-5.0.5-6.7.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48226 | P | libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47661 | P | lftp-4.7.4-3.3.20 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47312 | P | libXcursor1-1.1.14-3.59 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:62804 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101210 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1015 | P | java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100783 | P | apr-util-devel-1.6.1-16.43 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72523 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:48468 | P | libXi6-1.7.4-9.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48428 | P | glib2-lang-2.48.2-10.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48437 | P | grub2-2.02~beta2-104.16 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48539 | P | libpoppler44-0.24.4-12.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48372 | P | at-3.1.14-7.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:64490 | P | Security update for avahi (Moderate) | 2021-05-04
oval:org.opensuse.security:def:66750 | P | Security update for libdwarf (Low) | 2021-04-22
oval:org.opensuse.security:def:70001 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:117007 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72179 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62460 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:89921 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72290 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103576 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62571 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:94070 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72407 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107449 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62688 | P | libopenjpeg1-1.5.2-2.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49567 | P | libopenjpeg1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73323 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67924 | P | libopenjpeg1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49402 | P | flatpak on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49684 | P | libopenjpeg1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66658 | P | yast2-buildtools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:70106 | P | libopenjpeg1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73441 | P | libopenjpeg1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49513 | P | flatpak on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67824 | P | tcpdump on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49630 | P | gnome-desktop-lang on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.precise:def:20136053000 | V | CVE-2013-6053 on Ubuntu 12.04 LTS (precise) - medium. | 2014-04-27
oval:com.ubuntu.xenial:def:201360530000000 | V | CVE-2013-6053 on Ubuntu 16.04 LTS (xenial) - medium. | 2014-04-27
oval:com.ubuntu.trusty:def:20136053000 | V | CVE-2013-6053 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-04-27
oval:com.ubuntu.xenial:def:20136053000 | V | CVE-2013-6053 on Ubuntu 16.04 LTS (xenial) - medium. | 2014-04-27
    uclouvain openjpeg 1.5.1