Vulnerability CVE-2013-6054

Vulnerability Name:

CVE-2013-6054 (CCN-89479)

Assigned:

2013-12-04

Published:

2013-12-04

Updated:

2020-09-09

Summary:

Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119
CWE-122

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-6054

Source: CONFIRM
Type: UNKNOWN
http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS

Source: OSVDB
Type: UNKNOWN
100639

Source: CCN
Type: RHSA-2013-1850
Important: openjpeg security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1850

Source: MLIST
Type: UNKNOWN
[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg

Source: CCN
Type: SA57285
OpenJPEG Multiple Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-2808

Source: BID
Type: UNKNOWN
64113

Source: CCN
Type: BID-64113
OpenJPEG CVE-2013-6054 Multiple Remote Heap Based Buffer Overflow Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 1036499
(CVE-2013-6054) CVE-2013-6054 openjpeg: heap-based buffer overflows in version 1.3

Source: XF
Type: UNKNOWN
openjpeg-cve20136054-bo(89479)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6054

Source: CCN
Type: OpenJPEG Web site
OpenJPEG

Vulnerable Configuration:

Configuration 1:

cpe:/a:uclouvain:openjpeg:*:*:*:*:*:*:*:* (Version <= 1.3)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:uclouvain:openjpeg:1.3:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20136054	V	CVE-2013-6054	2023-06-22
oval:org.opensuse.security:def:7952	P	libopenjpeg1-1.5.2-150000.4.10.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:790	P	Security update for cosign (Important)	2022-10-01
oval:org.opensuse.security:def:679	P	Security update for buildah (Moderate)	2022-08-05
oval:org.opensuse.security:def:3331	P	perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94961	P	libopenjpeg1-1.5.2-150000.4.5.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1371	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:1243	P	Security update for the Linux Kernel (Important)	2022-03-08
oval:org.opensuse.security:def:1599	P	Security update for the Linux Kernel (Important)	2022-02-02
oval:org.opensuse.security:def:1715	P	Security update for nodejs12 (Moderate)	2022-01-18
oval:org.opensuse.security:def:112738	P	libopenjpeg1-1.5.2-4.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1126	P	Security update for glibc (Moderate)	2021-12-08
oval:org.opensuse.security:def:49456	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:106210	P	libopenjpeg1-1.5.2-4.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1482	P	Security update for ffmpeg (Important)	2021-09-23
oval:org.opensuse.security:def:71277	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71164	P	cups-filters-1.20.3-1.12 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64577	P	Security update for xen (Moderate)	2021-09-18
oval:org.opensuse.security:def:47772	P	libpython2_7-1_0-2.7.13-28.11.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47215	P	bind-9.9.9P1-62.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48326	P	tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48012	P	g3utils-1.1.36-58.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47529	P	xdg-utils-20140630-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47311	P	libXRes1-1.0.7-3.53 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48310	P	squid-4.8-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47753	P	libopenssl-1_0_0-devel-1.0.2p-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47326	P	libXvnc1-1.6.0-18.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48115	P	libgcrypt20-1.6.1-16.68.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47640	P	gvim-7.4.326-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47201	P	apache-commons-daemon-1.0.15-6.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48261	P	pcsc-ccid-1.4.25-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47864	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47336	P	libcares2-1.9.1-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48357	P	zsh-5.0.5-6.7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48226	P	libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47661	P	lftp-4.7.4-3.3.20 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47312	P	libXcursor1-1.1.14-3.59 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47901	P	tar-1.27.1-15.3.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47447	P	mozilla-nspr-32bit-4.13.1-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47200	P	apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48199	P	libsrtp1-1.5.2-3.2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:101210	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1015	P	java-11-openjdk-11.0.10.0-3.53.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100783	P	apr-util-devel-1.6.1-16.43 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72523	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62804	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:48428	P	glib2-lang-2.48.2-10.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48437	P	grub2-2.02~beta2-104.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48539	P	libpoppler44-0.24.4-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48372	P	at-3.1.14-7.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48468	P	libXi6-1.7.4-9.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64490	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:66750	P	Security update for libdwarf (Low)	2021-04-22
oval:org.opensuse.security:def:70001	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:62460	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89921	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72290	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103576	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62571	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94070	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72407	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107449	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62688	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117007	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72179	P	libopenjpeg1-1.5.2-2.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49567	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73323	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67924	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49402	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49684	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66658	P	yast2-buildtools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70106	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73441	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49513	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67824	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49630	P	gnome-desktop-lang on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:29019	P	DSA-2808-2 -- openjpeg -- several vulnerabilities	2015-08-17
oval:org.mitre.oval:def:21132	P	RHSA-2013:1850: openjpeg security update (Important)	2014-06-30
oval:org.mitre.oval:def:20007	P	DSA-2808-1 openjpeg - several	2014-06-23
oval:org.mitre.oval:def:24075	P	ELSA-2013:1850: openjpeg security update (Important)	2014-05-26
oval:com.redhat.rhsa:def:20131850	P	RHSA-2013:1850: openjpeg security update (Important)	2013-12-17
oval:com.ubuntu.precise:def:20136054000	V	CVE-2013-6054 on Ubuntu 12.04 LTS (precise) - medium.	2013-12-12
oval:com.ubuntu.trusty:def:20136054000	V	CVE-2013-6054 on Ubuntu 14.04 LTS (trusty) - medium.	2013-12-12

BACK