CVE-2014-9029
Published 2014-12-08
Priority: P3 · 50 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 18.40% (96.9th percentile)
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | <= 1.900.1 | — |
| jasper_project | jasper | >= 0 < 1.900.1-14ubuntu3.1 | 1.900.1-14ubuntu3.1 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_redhat · 7.5 HIGH
Ubuntu
JasPer vulnerability
vendor_ubuntu·2014-12-08
CVE-2014-9029 JasPer vulnerability
Title: JasPer vulnerability
Summary: JasPer could be made to crash or run programs as your login if it opened a
specially crafted file.
Jose Duart discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Ghostscript vulnerability
vendor_ubuntu·2014-12-08
CVE-2014-9029 Ghostscript vulnerability
Title: Ghostscript vulnerability
Summary: Ghostscript could be made to crash or run programs as your login if it
opened a specially crafted file.
USN-2434-1 fixed a vulnerability in JasPer. This update provides the
corresponding fix for the JasPer library embedded in the Ghostscript
package.
Original advisory details:
Jose Duart discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
vendor_redhat·2014-12-04·CVSS 7.5
CVE-2014-9029 [HIGH] CWE-193 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Package: netpbm (Red Hat Enterprise Linux 5) - Will not fix
Package: jasper (Red Hat OpenShift Enterprise 2) - Affected
GHSA
GHSA-w26c-gw69-r33c: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec
ghsa_unreviewed·2022-05-14
CVE-2014-9029 [HIGH] GHSA-w26c-gw69-r33c: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
OSV
CVE-2014-9029: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec
osv·2014-12-04·CVSS 7.5
CVE-2014-9029 [HIGH] CVE-2014-9029: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-5]
bugzilla·2014-12-04·CVSS 7.5
CVE-2014-9029 [HIGH] CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel
Bugzilla
CVE-2014-9029 mingw-jasper: jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-7]
bugzilla·2014-12-04·CVSS 7.5
CVE-2014-9029 [HIGH] CVE-2014-9029 mingw-jasper: jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-7]
Bugzilla
CVE-2014-9029 mingw-jasper: jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]
bugzilla·2014-12-04·CVSS 7.5
CVE-2014-9029 [HIGH] CVE-2014-9029 mingw-jasper: jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit m
Bugzilla
CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]
bugzilla·2014-12-04·CVSS 7.5
CVE-2014-9029 [HIGH] CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]
NOTE:
Bugzilla
CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
bugzilla·2014-11-25·CVSS 7.5
CVE-2014-9029 [HIGH] CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
A heap-based buffer overflow flaw was reported in JasPer's jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn() functions. Processing a specially-crafted image with an application that uses JasPer could cause the application to crash or, potentially, execute arbitrary code.
Acknowledgements:
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.
Discussion:
Created attachment 961994
Proposed patch
This seems to be an off-by-one issue in jpc_dec_process_coc and jpc_dec_process_rgn. There are existing checks to ensure if coc->compno / rgn->compno is not more than dec->numcomps. Th
References
http://advisories.mageia.org/MGASA-2014-0514.html
http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html
http://rhn.redhat.com/errata/RHSA-2014-2021.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62828
http://www.debian.org/security/2014/dsa-3089
http://www.mandriva.com/security/advisories?name=MDVSA-2014:247
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://www.ocert.org/advisories/ocert-2014-009.html
http://www.openwall.com/lists/oss-security/2014/12/04/9
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/archive/1/534153/100/0/threaded
http://www.securityfocus.com/bid/71476
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2434-1
http://www.ubuntu.com/usn/USN-2434-2
https://bugzilla.redhat.com/show_bug.cgi?id=1167537
https://exchange.xforce.ibmcloud.com/vulnerabilities/99125