Check Point Advisories

Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow (CVE-2011-4516)

Check Point Reference: CPAI-2012-229
Date Published: 27 Aug 2012
Severity: Critical
Last Updated: Wednesday 17 April, 2024
Source: CVE-2011-4516
Protection Provided by:

Security Gateway
R75
Who is Vulnerable? Oracle Outside In Technology 8.3.5.0
Oracle Outside In Technology 8.3.7.0
Michael Adams JasPer 1.701
Michael Adams JasPer 1.900
Michael Adams JasPer 1.900.1
Vulnerability Description A heap buffer overflow vulnerability exists in Oracle Outside In, a set of libraries used to decode many file formats. Successful exploitation can result in arbitrary code execution in the context of the affected application.
Vulnerability DetailsA vulnerability exists in Oracle Outside In when processing invalid coding style default (COD) marker segments or invalid coding style component (COC) marker segments from JP2 files. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file.

Protection Overview

This protection will detect and block malicious JPEG 2000 files.

Security Gateway R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Oracle Protection Violation
Attack Information: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK