CVE-2011-4516 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Jasper Project	Jasper
Oracle	Outside In Technology
Redhat	Enterprise Linux Rhev Manager
Suse	Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
netpbm-0:10.35.58-8.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2011:1811	2011-12-12T00:00:00Z
Red Hat Enterprise Linux 5
netpbm-0:10.35.58-8.el5_7.3	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:1811	2011-12-12T00:00:00Z
Red Hat Enterprise Linux 6
jasper-0:1.900.1-15.el6_1.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:1807	2011-12-09T00:00:00Z
RHEV Manager version 3.5
spice-client-msi-0:3.5-3	cpe:/a:redhat:rhev_manager:3	RHSA-2015:0698	2015-03-18T00:00:00Z

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html
http://osvdb.org/77595
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/47193
http://secunia.com/advisories/47306
http://secunia.com/advisories/47353
http://www-01.ibm.com/support/docview.wss?uid=swg21660640
http://www.debian.org/security/2011/dsa-2371
http://www.kb.cert.org/vuls/id/887409
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
http://www.redhat.com/support/errata/RHSA-2011-1807.html
http://www.redhat.com/support/errata/RHSA-2011-1811.html
http://www.securityfocus.com/bid/50992
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-1315-1
https://bugzilla.redhat.com/show_bug.cgi?id=747726
https://nvd.nist.gov/vuln/detail/CVE-2011-4516
https://www.cve.org/CVERecord?id=CVE-2011-4516

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T22:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "RHSA-2011:1811", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"}, {"name": "47306", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47306"}, {"name": "USN-1315-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1315-1"}, {"name": "openSUSE-SU-2011:1317", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"}, {"name": "DSA-2371", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2371"}, {"name": "FEDORA-2011-16966", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"name": "FEDORA-2011-16955", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"}, {"name": "47353", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47353"}, {"name": "RHSA-2011:1807", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"}, {"name": "77595", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/77595"}, {"name": "RHSA-2015:0698", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"name": "VU#887409", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/887409"}, {"name": "50992", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50992"}, {"name": "47193", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47193"}, {"name": "SSA:2015-302-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2011-4516", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2011:1811", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=747726", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"}, {"name": "47306", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47306"}, {"name": "USN-1315-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1315-1"}, {"name": "openSUSE-SU-2011:1317", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"}, {"name": "DSA-2371", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2371"}, {"name": "FEDORA-2011-16966", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"name": "FEDORA-2011-16955", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"}, {"name": "47353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47353"}, {"name": "RHSA-2011:1807", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"}, {"name": "77595", "refsource": "OSVDB", "url": "http://osvdb.org/77595"}, {"name": "RHSA-2015:0698", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"name": "VU#887409", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/887409"}, {"name": "50992", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50992"}, {"name": "47193", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47193"}, {"name": "SSA:2015-302-02", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:09:18.503Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2011:1811", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"}, {"name": "47306", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47306"}, {"name": "USN-1315-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1315-1"}, {"name": "openSUSE-SU-2011:1317", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"}, {"name": "DSA-2371", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2371"}, {"name": "FEDORA-2011-16966", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"name": "FEDORA-2011-16955", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"}, {"name": "47353", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47353"}, {"name": "RHSA-2011:1807", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"}, {"name": "77595", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/77595"}, {"name": "RHSA-2015:0698", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"name": "VU#887409", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/887409"}, {"name": "50992", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50992"}, {"name": "47193", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47193"}, {"name": "SSA:2015-302-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-4516", "datePublished": "2011-12-15T02:00:00", "dateReserved": "2011-11-22T00:00:00", "dateUpdated": "2024-08-07T00:09:18.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2011-12-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-05T22:57:01 (string)

orgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

shortName : certcc (string)

}

references : [ »

0 : { »

name : RHSA-2011:1811 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1811.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

}

2 : { »

name : 47306 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/47306 (string)

}

3 : { »

name : USN-1315-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-1315-1 (string)

}

4 : { »

name : openSUSE-SU-2011:1317 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html (string)

}

5 : { »

name : DSA-2371 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2011/dsa-2371 (string)

}

6 : { »

name : FEDORA-2011-16966 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21660640 (string)

}

8 : { »

name : FEDORA-2011-16955 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html (string)

}

9 : { »

name : 47353 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/47353 (string)

}

10 : { »

name : RHSA-2011:1807 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1807.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (string)

}

12 : { »

name : 77595 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/77595 (string)

}

13 : { »

name : RHSA-2015:0698 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0698.html (string)

}

14 : { »

name : VU#887409 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/887409 (string)

}

15 : { »

name : 50992 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/50992 (string)

}

16 : { »

name : 47193 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/47193 (string)

}

17 : { »

name : SSA:2015-302-02 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SLACKWARE (string)

]

url : http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@cert.org (string)

ID : CVE-2011-4516 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : RHSA-2011:1811 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2011-1811.html (string)

}

1 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

}

2 : { »

name : 47306 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/47306 (string)

}

3 : { »

name : USN-1315-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-1315-1 (string)

}

4 : { »

name : openSUSE-SU-2011:1317 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html (string)

}

5 : { »

name : DSA-2371 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2011/dsa-2371 (string)

}

6 : { »

name : FEDORA-2011-16966 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html (string)

}

7 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21660640 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21660640 (string)

}

8 : { »

name : FEDORA-2011-16955 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html (string)

}

9 : { »

name : 47353 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/47353 (string)

}

10 : { »

name : RHSA-2011:1807 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2011-1807.html (string)

}

11 : { »

name : http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (string)

}

12 : { »

name : 77595 (string)

refsource : OSVDB (string)

url : http://osvdb.org/77595 (string)

}

13 : { »

name : RHSA-2015:0698 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0698.html (string)

}

14 : { »

name : VU#887409 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/887409 (string)

}

15 : { »

name : 50992 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/50992 (string)

}

16 : { »

name : 47193 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/47193 (string)

}

17 : { »

name : SSA:2015-302-02 (string)

refsource : SLACKWARE (string)

url : http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T00:09:18.503Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : RHSA-2011:1811 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1811.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

}

2 : { »

name : 47306 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/47306 (string)

}

3 : { »

name : USN-1315-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-1315-1 (string)

}

4 : { »

name : openSUSE-SU-2011:1317 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html (string)

}

5 : { »

name : DSA-2371 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2011/dsa-2371 (string)

}

6 : { »

name : FEDORA-2011-16966 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21660640 (string)

}

8 : { »

name : FEDORA-2011-16955 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html (string)

}

9 : { »

name : 47353 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/47353 (string)

}

10 : { »

name : RHSA-2011:1807 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1807.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (string)

}

12 : { »

name : 77595 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/77595 (string)

}

13 : { »

name : RHSA-2015:0698 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0698.html (string)

}

14 : { »

name : VU#887409 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/887409 (string)

}

15 : { »

name : 50992 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/50992 (string)

}

16 : { »

name : 47193 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/47193 (string)

}

17 : { »

name : SSA:2015-302-02 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SLACKWARE (string)

2 : x_transferred (string)

]

url : http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

assignerShortName : certcc (string)

cveId : CVE-2011-4516 (string)

datePublished : 2011-12-15T02:00:00 (string)

dateReserved : 2011-11-22T00:00:00 (string)

dateUpdated : 2024-08-07T00:09:18.503Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*", "matchCriteriaId": "79C699BE-8585-4A07-88AE-E17CF17D92CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "64AA8532-9055-4A9B-BC52-B6D0EDAB8D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "506DA542-BD41-4102-A15E-481C81A0AB04", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*", "matchCriteriaId": "A44C3422-0D42-473E-ABB4-279D7494EE2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file."}, {"lang": "es", "value": "Desbordamiento de buffer de memoria din\u00e1mica en la funci\u00f3n jpc_cox_getcompparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de  un valor numrlvls de un archivo JPEG2000."}], "id": "CVE-2011-4516", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-12-15T03:57:34.217", "references": [{"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://osvdb.org/77595"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"source": "cret@cert.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/47193"}, {"source": "cret@cert.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/47306"}, {"source": "cret@cert.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/47353"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2371"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/887409"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"}, {"source": "cret@cert.org", "tags": ["Not Applicable"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"}, {"source": "cret@cert.org", "tags": ["Not Applicable", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/50992"}, {"source": "cret@cert.org", "tags": ["Release Notes"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1315-1"}, {"source": "cret@cert.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://osvdb.org/77595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/47193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/47306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/47353"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2371"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/887409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/50992"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1315-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 79C699BE-8585-4A07-88AE-E17CF17D92CD (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 64AA8532-9055-4A9B-BC52-B6D0EDAB8D10 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 506DA542-BD41-4102-A15E-481C81A0AB04 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* (string)

matchCriteriaId : 01EDA41C-6B2E-49AF-B503-EB3882265C11 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 87614B58-24AB-49FB-9C84-E8DDBA16353B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* (string)

matchCriteriaId : EF49D26F-142E-468B-87C1-BABEA445255C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* (string)

matchCriteriaId : E4174F4F-149E-41A6-BBCC-D01114C05F38 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 036E8A89-7A16-411F-9D31-676313BB7244 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* (string)

matchCriteriaId : 9396E005-22D8-4342-9323-C7DEA379191D (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* (string)

matchCriteriaId : 706C6399-CAD1-46E3-87A2-8DFE2CF497ED (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 60FBDD82-691C-4D9D-B71B-F9AFF6931B53 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* (string)

matchCriteriaId : A44C3422-0D42-473E-ABB4-279D7494EE2F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* (string)

matchCriteriaId : A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* (string)

matchCriteriaId : E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. (string)

}

1 : { »

lang : es (string)

value : Desbordamiento de buffer de memoria dinámica en la función jpc_cox_getcompparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un valor numrlvls de un archivo JPEG2000. (string)

}

]

id : CVE-2011-4516 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2011-12-15T03:57:34.217 (string)

references : [ »

0 : { »

source : cret@cert.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html (string)

}

1 : { »

source : cret@cert.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html (string)

}

2 : { »

source : cret@cert.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html (string)

}

3 : { »

source : cret@cert.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://osvdb.org/77595 (string)

}

4 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0698.html (string)

}

5 : { »

source : cret@cert.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/47193 (string)

}

6 : { »

source : cret@cert.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/47306 (string)

}

7 : { »

source : cret@cert.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/47353 (string)

}

8 : { »

source : cret@cert.org (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21660640 (string)

}

9 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2011/dsa-2371 (string)

}

10 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/887409 (string)

}

11 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (string)

}

12 : { »

source : cret@cert.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1807.html (string)

}

13 : { »

source : cret@cert.org (string)

tags : [ »

0 : Not Applicable (string)

1 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1811.html (string)

}

14 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/50992 (string)

}

15 : { »

source : cret@cert.org (string)

tags : [ »

0 : Release Notes (string)

]

url : http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 (string)

}

16 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-1315-1 (string)

}

17 : { »

source : cret@cert.org (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://osvdb.org/77595 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0698.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/47193 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/47306 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://secunia.com/advisories/47353 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21660640 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2011/dsa-2371 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/887409 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1807.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

1 : Third Party Advisory (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1811.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/50992 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

]

url : http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-1315-1 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

}

]

sourceIdentifier : cret@cert.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Jonathan Foote (CERT Coordination Center) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2011:1811", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "netpbm-0:10.35.58-8.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2011-12-12T00:00:00Z"}, {"advisory": "RHSA-2011:1811", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "netpbm-0:10.35.58-8.el5_7.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-12-12T00:00:00Z"}, {"advisory": "RHSA-2011:1807", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "jasper-0:1.900.1-15.el6_1.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-12-09T00:00:00Z"}, {"advisory": "RHSA-2015:0698", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "spice-client-msi-0:3.5-3", "product_name": "RHEV Manager version 3.5", "release_date": "2015-03-18T00:00:00Z"}], "bugzilla": {"description": "jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)", "id": "747726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.", "A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code."], "name": "CVE-2011-4516", "public_date": "2011-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4516\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4516"], "threat_severity": "Important"}

{

acknowledgement : Red Hat would like to thank Jonathan Foote (CERT Coordination Center) for reporting this issue. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2011:1811 (string)

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

package : netpbm-0:10.35.58-8.el4 (string)

product_name : Red Hat Enterprise Linux 4 (string)

release_date : 2011-12-12T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2011:1811 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : netpbm-0:10.35.58-8.el5_7.3 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2011-12-12T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2011:1807 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : jasper-0:1.900.1-15.el6_1.1 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2011-12-09T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2015:0698 (string)

cpe : cpe:/a:redhat:rhev_manager:3 (string)

package : spice-client-msi-0:3.5-3 (string)

product_name : RHEV Manager version 3.5 (string)

release_date : 2015-03-18T00:00:00Z (string)

}

]

bugzilla : { »

description : jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409) (string)

id : 747726 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=747726 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-122 (string)

details : [ »

0 : Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. (string)

1 : A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. (string)

]

name : CVE-2011-4516 (string)

public_date : 2011-12-08T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2011-4516 https://nvd.nist.gov/vuln/detail/CVE-2011-4516 (string)

]

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object