CVE-2014-9029

Severity

75%

Complexity

99%

Confidentiality

106%

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-12-08 16:59:00

Last updated 6 years ago

2018-10-09 19:54:00

Affected Software

Jasper Project Jasper

References

http://advisories.mageia.org/MGASA-2014-0514.html

http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html

RHSA-2014:2021

RHSA-2015:0698

61747

62828

DSA-3089

MDVSA-2014:247

MDVSA-2015:159

http://www.ocert.org/advisories/ocert-2014-009.html

US Government Resource

[oss-security] 20141204 [oCERT-2014-009] JasPer input sanitization errors

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

20141204 [oCERT-2014-009] JasPer input sanitization errors

71476

SSA:2015-302-02

USN-2434-1

USN-2434-2

https://bugzilla.redhat.com/show_bug.cgi?id=1167537

jasper-cve20149029-bo(99125)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.