ID CVE-2014-8158
Summary Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
References
Vulnerable Configurations
  • Jasper Project Jasper 1.900.1
    cpe:2.3:a:jasper_project:jasper:1.900.1
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • cpe:2.3:o:redhat:enterprise_linux:6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 6.8 (as of 27-02-2015 - 14:30)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1270.NASL
    description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919). - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137 (bsc#968373). - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084). - CVE-2016-8691, CVE-2016-8692: Missing range check on XRsiz and YRsiz fields of SIZ marker segment (bsc#1005090). - CVE-2016-8693: The memory stream interface allowed for a buffer size of zero. The case of a zero-sized buffer was not handled correctly, as it could lead to a double free (bsc#1005242). - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591). - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593). - CVE-2016-8882: NULL pointer access in jpc_pi_destroy (bsc#1006597). - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode() (bsc#1006598). - CVE-2016-8886: Memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599). For additional change description please have a look at the changelog.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 94601
    published 2016-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94601
    title openSUSE Security Update : jasper (openSUSE-2016-1270)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2483-1.NASL
    description Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8137) Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8138) It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8157) It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8158). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 81017
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81017
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : jasper vulnerabilities (USN-2483-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0698.NASL
    description Updated rhevm-spice-client packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029, CVE-2014-8137, CVE-2011-4516, CVE-2011-4517, CVE-2008-3520, CVE-2008-3522) Red Hat would like to thank oCERT for reporting CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029, CVE-2011-4516, and CVE-2011-4517. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter of CVE-2014-8137 and CVE-2014-8138; and pyddeh as the original reporter of CVE-2014-8157 and CVE-2014-8158. The mingw-openssl and mingw-jasper packages have been upgraded to the latest upstream version, which provides a number of bug fixes and enhancements over the previous version. (BZ#1187585) This update also fixes the following bugs : * Previously, a guest system installed with tools incorrectly always started in full screen mode, even when the 'Open in Full Screen' option was unchecked in console options. Now, when connecting in window mode with the option unchecked, the guest system starts in a window as expected. (BZ#1172126) * Prior to this update, copying and pasting of images from the client to the guest did not work when spice-gtk was built from upstream. Now, images can be copied and pasted without problems. (BZ#1187270) In addition, this update adds the following enhancement : * Administrators now have the option of automatic multiuser installation of virt-viewer onto many client workstations. (BZ#1187272) All rhevm-spice-client users are advised to upgrade to these updated packages, which correct these issues and add these enhancement.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81969
    published 2015-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81969
    title RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2483-2.NASL
    description USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8137) Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8138) It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8157) It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8158). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 81018
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81018
    title Ubuntu 10.04 LTS : ghostscript vulnerabilities (USN-2483-2)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-159.NASL
    description Updated jasper packages fix security vulnerabilities : Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service (application crash) or the execution of arbitrary code (CVE-2014-9029). A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137). A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138). An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157). An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82412
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82412
    title Mandriva Linux Security Advisory : jasper (MDVSA-2015:159)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2775-1.NASL
    description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / NULL pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839) For additional change description please have a look at the changelog. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94728
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94728
    title SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-138.NASL
    description An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157), and an unrestricted stack memory use flaw (CVE-2014-8158) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82121
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82121
    title Debian DLA-138-1 : jasper security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0074.NASL
    description From Red Hat Security Advisory 2015:0074 : Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges pyddeh as the original reporter. All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 80927
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80927
    title Oracle Linux 6 / 7 : jasper (ELSA-2015-0074)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-1159.NASL
    description This update fixes two security flaws in jasper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 81213
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81213
    title Fedora 20 : jasper-1.900.1-28.fc20 (2015-1159)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-1062.NASL
    description This update fixes two security flaws in jasper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 81212
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81212
    title Fedora 21 : jasper-1.900.1-30.fc21 (2015-1062)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_006E3B7CD7D711E5B85F0018FE623F2B.NASL
    description oCERT reports : The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports : The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports : Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. limingxing reports : A vulnerability was found in the way the JasPer's jas_matrix_clip() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 88875
    published 2016-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88875
    title FreeBSD : jasper -- multiple vulnerabilities (006e3b7c-d7d7-11e5-b85f-0018fe623f2b)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JASPER-150203.NASL
    description This update for jasper fixes the following security issues : - Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474). (CVE-2014-8137) - Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475). (CVE-2014-8138) - Off-by-one error in the jpc_dec_process_sot(). Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837). (CVE-2014-8157) - Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837). (CVE-2014-8158)
    last seen 2019-02-21
    modified 2015-02-12
    plugin id 81311
    published 2015-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81311
    title SuSE 11.3 Security Update : jasper (SAT Patch Number 10261)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-1125.NASL
    description Fixes for CVE-2014-8157 and CVE-2014-8158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 81133
    published 2015-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81133
    title Fedora 20 : mingw-jasper-1.900.1-26.fc20 (2015-1125)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-97.NASL
    description This update fixes the following security issues : - CVE-2014-8157, CVE-2014-8158: use after free and OOB vulnerabilities (bnc#911837)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81155
    published 2015-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81155
    title openSUSE Security Update : jasper (openSUSE-SU-2015:0200-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0102.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Bump release - Multiple security fixes (fixed by thoger): CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 (CVE-2016-2089) CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 (CVE-2016-8692) CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 (CVE-2016-9262) CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 (CVE-2016-9391) CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 (CVE-2016-9583) CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 (CVE-2016-10251) - Fix implicit declaration warning caused by security fixes above - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot (#1183672) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680) - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567) - CVE-2014-8138 - heap overflow in jp2_decode (#1173567) - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171209)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 100116
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100116
    title OracleVM 3.3 / 3.4 : jasper (OVMSA-2017-0102)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150122_JASPER_ON_SL6_X.NASL
    description An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158) All applications using the JasPer libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 80933
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80933
    title Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0006.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot (#1183671) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183679) - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566) - CVE-2014-8138 - heap overflow in jp2_decode (#1173566) - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171208)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81012
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81012
    title OracleVM 3.3 : jasper (OVMSA-2015-0006)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-1068.NASL
    description Fixes for CVE-2014-8157 and CVE-2014-8158 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 81132
    published 2015-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81132
    title Fedora 21 : mingw-jasper-1.900.1-26.fc21 (2015-1068)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1309.NASL
    description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / NULL pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839) For additional change description please have a look at the changelog. This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2017-02-27
    plugin id 94945
    published 2016-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94945
    title openSUSE Security Update : jasper (openSUSE-2016-1309)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3138.NASL
    description An off-by-one flaw, leading to a heap-based buffer overflow (CVE-2014-8157 ), and an unrestricted stack memory use flaw (CVE-2014-8158 ) were found in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 80973
    published 2015-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80973
    title Debian DSA-3138-1 : jasper - security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-034.NASL
    description Updated jasper packages fix security vulnerabilities : An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157). An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 81234
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81234
    title Mandriva Linux Security Advisory : jasper (MDVSA-2015:034)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0288-1.NASL
    description jasper was updated to fix two security issues. These security issues were fixed : - CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow (bnc#911837). CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image (bnc#911837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83681
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83681
    title SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2015:0288-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-302-02.NASL
    description New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 86663
    published 2015-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86663
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-479.NASL
    description An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 81325
    published 2015-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81325
    title Amazon Linux AMI : jasper (ALAS-2015-479)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-01 (JasPer: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using JasPer, possibly resulting in execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 81686
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81686
    title GLSA-201503-01 : JasPer: Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0074.NASL
    description Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges pyddeh as the original reporter. All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80930
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80930
    title RHEL 6 / 7 : jasper (RHSA-2015:0074)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0074.NASL
    description Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8157) An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158) Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges pyddeh as the original reporter. All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80969
    published 2015-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80969
    title CentOS 6 / 7 : jasper (CESA-2015:0074)
redhat via4
advisories
  • bugzilla
    id 1179298
    title CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment jasper is earlier than 0:1.900.1-26.el7_0.3
            oval oval:com.redhat.rhsa:tst:20150074005
          • comment jasper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807006
        • AND
          • comment jasper-devel is earlier than 0:1.900.1-26.el7_0.3
            oval oval:com.redhat.rhsa:tst:20150074011
          • comment jasper-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807012
        • AND
          • comment jasper-libs is earlier than 0:1.900.1-26.el7_0.3
            oval oval:com.redhat.rhsa:tst:20150074007
          • comment jasper-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807008
        • AND
          • comment jasper-utils is earlier than 0:1.900.1-26.el7_0.3
            oval oval:com.redhat.rhsa:tst:20150074009
          • comment jasper-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807010
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment jasper is earlier than 0:1.900.1-16.el6_6.3
            oval oval:com.redhat.rhsa:tst:20150074017
          • comment jasper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807006
        • AND
          • comment jasper-devel is earlier than 0:1.900.1-16.el6_6.3
            oval oval:com.redhat.rhsa:tst:20150074019
          • comment jasper-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807012
        • AND
          • comment jasper-libs is earlier than 0:1.900.1-16.el6_6.3
            oval oval:com.redhat.rhsa:tst:20150074020
          • comment jasper-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807008
        • AND
          • comment jasper-utils is earlier than 0:1.900.1-16.el6_6.3
            oval oval:com.redhat.rhsa:tst:20150074018
          • comment jasper-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807010
    rhsa
    id RHSA-2015:0074
    released 2015-01-22
    severity Important
    title RHSA-2015:0074: jasper security update (Important)
  • rhsa
    id RHSA-2015:0698
rpms
  • jasper-0:1.900.1-26.el7_0.3
  • jasper-devel-0:1.900.1-26.el7_0.3
  • jasper-libs-0:1.900.1-26.el7_0.3
  • jasper-utils-0:1.900.1-26.el7_0.3
  • jasper-0:1.900.1-16.el6_6.3
  • jasper-devel-0:1.900.1-16.el6_6.3
  • jasper-libs-0:1.900.1-16.el6_6.3
  • jasper-utils-0:1.900.1-16.el6_6.3
refmap via4
bid 72293
confirm http://advisories.mageia.org/MGASA-2015-0038.html
debian DSA-3138
mandriva
  • MDVSA-2015:034
  • MDVSA-2015:159
misc http://www.ocert.org/advisories/ocert-2015-001.html
secunia
  • 62583
  • 62615
  • 62619
  • 62765
slackware SSA:2015-302-02
suse openSUSE-SU-2015:0200
ubuntu
  • USN-2483-1
  • USN-2483-2
Last major update 02-01-2017 - 21:59
Published 26-01-2015 - 10:59
Last modified 30-10-2018 - 12:27
Back to Top