CVE-2014-9029
Severity
7.5 HIGH
EPSS
32.6%
top 3.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 8
Latest update May 14
Description
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVSS vector
AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4
Affected Packages: 2 packages
Vulnerability Details (3)
GHSA
GHSA-w26c-gw69-r33c: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec (2022-05-14)
CVEList
CVE-2014-9029: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec (2014-12-08)
OSV
CVE-2014-9029: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec (2014-12-04)
Vendor Advisories (3)
Community (5)
Bugzilla
CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-5] (2014-12-04)
Bugzilla
CVE-2014-9029 mingw-jasper: jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [epel-7] (2014-12-04)
Bugzilla
CVE-2014-9029 mingw-jasper: jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all] (2014-12-04)
Bugzilla
CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all] (2014-12-04)
Bugzilla
CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) (2014-11-25)