CVE-2014-8138
Published 2014-12-24
Priority P3 · 50 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
18.50%
96.9th percentile
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | — | — |
| jasper_project | jasper | >= 0 < 1.900.1-14ubuntu3.2 | 1.900.1-14ubuntu3.2 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_redhat · 7.5 · HIGH
vendor_ubuntu · 6.8 · MEDIUM
GHSA
GHSA-vv3q-8xfg-h2jp: Heap-based buffer overflow in the jp2_decode function in JasPer 1
ghsa_unreviewed·2022-05-14
CVE-2014-8138 [HIGH] CWE-119 GHSA-vv3q-8xfg-h2jp: Heap-based buffer overflow in the jp2_decode function in JasPer 1
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
OSV
jasper vulnerabilities
osv·2015-01-26·CVSS 6.8
CVE-2014-8137 [MEDIUM] jasper vulnerabilities
jasper vulnerabilities
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)
It was discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker
OSV
CVE-2014-8138: Heap-based buffer overflow in the jp2_decode function in JasPer 1
osv·2014-12-24·CVSS 7.5
CVE-2014-8138 [HIGH] CVE-2014-8138: Heap-based buffer overflow in the jp2_decode function in JasPer 1
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
Ubuntu
Ghostscript vulnerabilities
vendor_ubuntu·2015-01-26·CVSS 6.8
CVE-2014-8137 [MEDIUM] Ghostscript vulnerabilities
Title: Ghostscript vulnerabilities
Summary: Ghostscript could be made to crash or run programs as your login if it
opened a specially crafted file.
USN-2483-1 fixed vulnerabilities in JasPer. This update provides the
corresponding fix for the JasPer library embedded in the Ghostscript
package.
Original advisory details:
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a re
Ubuntu
JasPer vulnerabilities
vendor_ubuntu·2015-01-26·CVSS 6.8
CVE-2014-8137 [MEDIUM] JasPer vulnerabilities
Title: JasPer vulnerabilities
Summary: JasPer could be made to crash or run programs as your login if it
opened a specially crafted file.
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)
It was discovered that JasPer incorrectly handled certain malformed
JP
Red Hat
jasper: heap overflow in jp2_decode() (oCERT-2014-012)
vendor_redhat·2014-12-18·CVSS 7.5
CVE-2014-8138 [HIGH] CWE-122 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
jasper: heap overflow in jp2_decode() (oCERT-2014-012)
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Package: netpbm (Red Hat Enterprise Linux 5) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-8138 CVE-2014-8137 jasper: various flaws [epel-5]
bugzilla·2014-12-18·CVSS 6.8
CVE-2014-8138 [MEDIUM] CVE-2014-8138 CVE-2014-8137 jasper: various flaws [epel-5]
CVE-2014-8138 CVE-2014-8137 jasper: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug for jasper: see blocks bug list for full details o
Bugzilla
CVE-2014-8138 CVE-2014-8137 jasper: various flaws [fedora-all]
bugzilla·2014-12-18·CVSS 6.8
CVE-2014-8138 [MEDIUM] CVE-2014-8138 CVE-2014-8137 jasper: various flaws [fedora-all]
CVE-2014-8138 CVE-2014-8137 jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While o
Bugzilla
CVE-2014-8138 CVE-2014-8137 mingw-jasper: various flaws [epel-7]
bugzilla·2014-12-18·CVSS 6.8
CVE-2014-8138 [MEDIUM] CVE-2014-8138 CVE-2014-8137 mingw-jasper: various flaws [epel-7]
CVE-2014-8138 CVE-2014-8137 mingw-jasper: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-jasper: see blocks bug list for fu
Bugzilla
CVE-2014-8138 CVE-2014-8137 mingw-jasper: various flaws [fedora-all]
bugzilla·2014-12-18·CVSS 6.8
CVE-2014-8138 [MEDIUM] CVE-2014-8138 CVE-2014-8137 mingw-jasper: various flaws [fedora-all]
CVE-2014-8138 CVE-2014-8137 mingw-jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. W
Bugzilla
CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
bugzilla·2014-12-11·CVSS 7.5
CVE-2014-8138 [HIGH] CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
oCERT reports a heap-overflow issue in jp2_decode() in jasper:
This code in jas_decode doesn't check for an upper bound on the value of
channo:
    jas_image_setcmpttype(dec->image,
      dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
      jp2_getct(jas_image_clrspc(dec->image),
        dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc));
This could be used via jas_image_setcmpttype (actually this is just
image->cmpts_[cmptno]->type_ = type), to do an arbitrary write since
there's no bound check there either.
Acknowledgements:
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.
Discussion:
Created attachment 967280
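The two missing bounds checks named in the report above, shown as an added example that is not JasPer's code or its actual patch. The structs are simplified, hypothetical stand-ins for the decoder state, `numchans` and `numcmpts` are assumed length fields, and `cdef_to_type` is a placeholder for `jp2_getct`.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the decoder state in the report. */
typedef struct { uint16_t channo, type, assoc; } cdef_ent_t;
typedef struct { int type_; } cmpt_t;
typedef struct { unsigned numcmpts; cmpt_t *cmpts_; } image_t;
typedef struct {
    image_t *image;
    unsigned numchans;             /* entries in chantocmptlut */
    const uint16_t *chantocmptlut; /* channel number -> component number */
    unsigned numents;              /* entries in the cdef box */
    const cdef_ent_t *ents;        /* values taken from the untrusted file */
} dec_t;

/* Placeholder for the real type mapping (jp2_getct in the report). */
static int cdef_to_type(uint16_t type, uint16_t assoc) {
    return ((int)type << 8) | assoc;
}

/* Returns 0 on success, -1 if any entry indexes outside either table.
 * Every entry is validated before the first write, so a rejected file
 * leaves the image untouched. */
int apply_cdef_checked(dec_t *dec) {
    unsigned i;
    for (i = 0; i < dec->numents; ++i) {
        unsigned channo = dec->ents[i].channo;
        if (channo >= dec->numchans)               /* bound on the LUT read */
            return -1;
        if (dec->chantocmptlut[channo] >= dec->image->numcmpts)
            return -1;                             /* bound on the write */
    }
    for (i = 0; i < dec->numents; ++i) {
        unsigned cmptno = dec->chantocmptlut[dec->ents[i].channo];
        dec->image->cmpts_[cmptno].type_ =
            cdef_to_type(dec->ents[i].type, dec->ents[i].assoc);
    }
    return 0;
}

int main(void) {
    /* Constructed sample: 3 components; second cdef entry has channo 4096. */
    cmpt_t cmpts[3] = {{-1}, {-1}, {-1}};
    image_t img = {3, cmpts};
    const uint16_t lut[3] = {2, 0, 1};
    const cdef_ent_t bad[2] = {{0, 0, 5}, {4096, 0, 1}};
    dec_t dec = {&img, 3, lut, 2, bad};
    printf("rc=%d type=%d\n", apply_cdef_checked(&dec), cmpts[2].type_);
    return 0;
}
```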
References
http://advisories.mageia.org/MGASA-2014-0539.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html
http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1713.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62311
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://www.debian.org/security/2014/dsa-3106
http://www.mandriva.com/security/advisories?name=MDVSA-2015:012
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.securityfocus.com/bid/71746
http://www.securitytracker.com/id/1033459
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
https://www.ocert.org/advisories/ocert-2014-012.html