ID CVE-2014-9029
Summary Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:jasper_project:jasper:-:*:*:*:*:*:*:*
  • cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2018 - 19:54)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1173162
    title CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment jasper is earlier than 0:1.900.1-26.el7_0.2
            oval oval:com.redhat.rhsa:tst:20142021001
          • comment jasper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807002
        • AND
          • comment jasper-devel is earlier than 0:1.900.1-26.el7_0.2
            oval oval:com.redhat.rhsa:tst:20142021003
          • comment jasper-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807004
        • AND
          • comment jasper-libs is earlier than 0:1.900.1-26.el7_0.2
            oval oval:com.redhat.rhsa:tst:20142021005
          • comment jasper-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807006
        • AND
          • comment jasper-utils is earlier than 0:1.900.1-26.el7_0.2
            oval oval:com.redhat.rhsa:tst:20142021007
          • comment jasper-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807008
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment jasper is earlier than 0:1.900.1-16.el6_6.2
            oval oval:com.redhat.rhsa:tst:20142021010
          • comment jasper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807002
        • AND
          • comment jasper-devel is earlier than 0:1.900.1-16.el6_6.2
            oval oval:com.redhat.rhsa:tst:20142021011
          • comment jasper-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807004
        • AND
          • comment jasper-libs is earlier than 0:1.900.1-16.el6_6.2
            oval oval:com.redhat.rhsa:tst:20142021012
          • comment jasper-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807006
        • AND
          • comment jasper-utils is earlier than 0:1.900.1-16.el6_6.2
            oval oval:com.redhat.rhsa:tst:20142021013
          • comment jasper-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111807008
    rhsa
    id RHSA-2014:2021
    released 2014-12-18
    severity Important
    title RHSA-2014:2021: jasper security update (Important)
  • rhsa
    id RHSA-2015:0698
rpms
  • jasper-0:1.900.1-16.el6_6.2
  • jasper-0:1.900.1-26.el7_0.2
  • jasper-debuginfo-0:1.900.1-16.el6_6.2
  • jasper-debuginfo-0:1.900.1-26.el7_0.2
  • jasper-devel-0:1.900.1-16.el6_6.2
  • jasper-devel-0:1.900.1-26.el7_0.2
  • jasper-libs-0:1.900.1-16.el6_6.2
  • jasper-libs-0:1.900.1-26.el7_0.2
  • jasper-utils-0:1.900.1-16.el6_6.2
  • jasper-utils-0:1.900.1-26.el7_0.2
  • rhevm-spice-client-x64-cab-0:3.5-3.el6
  • rhevm-spice-client-x64-msi-0:3.5-3.el6
  • rhevm-spice-client-x86-cab-0:3.5-3.el6
  • rhevm-spice-client-x86-msi-0:3.5-3.el6
refmap via4
bid 71476
bugtraq 20141204 [oCERT-2014-009] JasPer input sanitization errors
confirm
debian DSA-3089
mandriva
  • MDVSA-2014:247
  • MDVSA-2015:159
misc
mlist [oss-security] 20141204 [oCERT-2014-009] JasPer input sanitization errors
secunia
  • 61747
  • 62828
slackware SSA:2015-302-02
ubuntu
  • USN-2434-1
  • USN-2434-2
xf jasper-cve20149029-bo(99125)
Last major update 09-10-2018 - 19:54
Published 08-12-2014 - 16:59
Last modified 09-10-2018 - 19:54