CVE-2014-8157
Published 2015-01-26
CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly…
Priority: P3 · 50 · high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 16.86% (96.7th percentile)
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| jasper_project | jasper | <= 1.900.1 | — |
| jasper_project | jasper | >= 0 < 1.900.1-14ubuntu3.2 | 1.900.1-14ubuntu3.2 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
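| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |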
Ubuntu
Ghostscript vulnerabilities
vendor_ubuntu·2015-01-26·CVSS 6.8
CVE-2014-8137 [MEDIUM] Ghostscript vulnerabilities
Title: Ghostscript vulnerabilities
Summary: Ghostscript could be made to crash or run programs as your login if it
opened a specially crafted file.
USN-2483-1 fixed vulnerabilities in JasPer. This update provides the
corresponding fix for the JasPer library embedded in the Ghostscript
package.
Original advisory details:
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a re
Ubuntu
JasPer vulnerabilities
vendor_ubuntu·2015-01-26·CVSS 6.8
CVE-2014-8137 [MEDIUM] JasPer vulnerabilities
Title: JasPer vulnerabilities
Summary: JasPer could be made to crash or run programs as your login if it
opened a specially crafted file.
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)
It was discovered that JasPer incorrectly handled certain malformed
JP
Red Hat
jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2014-8157 [HIGH] CWE-193 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Package: netpbm (Red Hat Enterprise Linux 5) - Will not fix
GHSA
GHSA-h547-hw4v-2v53: Off-by-one error in the jpc_dec_process_sot function in JasPer 1
ghsa_unreviewed·2022-05-14
CVE-2014-8157 [HIGH] GHSA-h547-hw4v-2v53: Off-by-one error in the jpc_dec_process_sot function in JasPer 1
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
OSV
jasper vulnerabilities
osv·2015-01-26·CVSS 6.8
CVE-2014-8137 [MEDIUM] jasper vulnerabilities
Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)
Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)
It was discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker
OSV
CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1
osv·2015-01-22·CVSS 7.5
CVE-2014-8157 [HIGH] CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-8157 CVE-2014-8158 mingw-jasper: various flaws [fedora-all]
bugzilla·2015-01-22·CVSS 7.5
CVE-2014-8157 [HIGH] CVE-2014-8157 CVE-2014-8158 mingw-jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. W
Bugzilla
CVE-2014-8157 CVE-2014-8158 mingw-jasper: various flaws [epel-7]
bugzilla·2015-01-22·CVSS 7.5
CVE-2014-8157 [HIGH] CVE-2014-8157 CVE-2014-8158 mingw-jasper: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-jasper: see blocks bug list for fu
Bugzilla
CVE-2014-8157 CVE-2014-8158 jasper: various flaws [fedora-all]
bugzilla·2015-01-22·CVSS 7.5
CVE-2014-8157 [HIGH] CVE-2014-8157 CVE-2014-8158 jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While o
Bugzilla
CVE-2014-8157 CVE-2014-8158 jasper: various flaws [epel-5]
bugzilla·2015-01-22·CVSS 7.5
CVE-2014-8157 [HIGH] CVE-2014-8157 CVE-2014-8158 jasper: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug for jasper: see blocks bug list for full details o
Bugzilla
CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
bugzilla·2015-01-06·CVSS 7.5
CVE-2014-8157 [HIGH] CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
oCERT reports an issue in jasper discovered by pyddeh:
"""
jpc_dec.c:1204:
```c
dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
dec->numtiles = dec->numhtiles * dec->numvtiles;
if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
    return -1;
}
```
the dec->XXX in JPC_CEILDIV are all directly from the codestream, so
dec->numtiles can be 0. In that case, the minimum-sized chunk returned by
malloc can, depending on the code stream, be used later. I think this can
cause the same problems as a use after free. Fix proposal:
if ( dec->numtiles == 0 || !(dec->tiles = jas_malloc(dec->numtile
http://advisories.mageia.org/MGASA-2015-0038.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html
http://rhn.redhat.com/errata/RHSA-2015-0074.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/62583
http://secunia.com/advisories/62615
http://secunia.com/advisories/62619
http://secunia.com/advisories/62765
http://www.debian.org/security/2015/dsa-3138
http://www.mandriva.com/security/advisories?name=MDVSA-2015:034
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.ocert.org/advisories/ocert-2015-001.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/72296
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2483-1
http://www.ubuntu.com/usn/USN-2483-2
https://bugzilla.redhat.com/show_bug.cgi?id=1179282
Published: 2015-01-26