Published: 08/12/2014 Updated: 09/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and previous versions allow remote malicious users to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jasper project jasper

Synopsis Important: jasper security update Type/Severity Security Advisory: Important Topic Updated jasper packages that fix three security issues are now availablefor Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Important securityimpact Common Vulnerability Sco ...

Debian Bug report logs - #772036 jasper: CVE-2014-9029 Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcomde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Dec 2014 14:45:09 UTC Severity: grave Tags: patch, security, upstream Found in version jasper/19001-7 Fixed ...

JasPer could be made to crash or run programs as your login if it opened a specially crafted file ...

Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file ...

Jose Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code For the stable distribution (wheezy), these problems have been fixed in version 19001-13+deb7u1 For the upcoming st ...

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-9029) A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files A ...

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code ...

CWE-189 https://bugzilla.redhat.com/show_bug.cgi?id=1167537 http://www.debian.org/security/2014/dsa-3089 http://www.openwall.com/lists/oss-security/2014/12/04/9 http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html http://www.ocert.org/advisories/ocert-2014-009.html http://www.securityfocus.com/bid/71476 http://www.ubuntu.com/usn/USN-2434-2 http://www.ubuntu.com/usn/USN-2434-1 http://secunia.com/advisories/61747 http://rhn.redhat.com/errata/RHSA-2014-2021.html http://rhn.redhat.com/errata/RHSA-2015-0698.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:247 http://advisories.mageia.org/MGASA-2014-0514.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:159 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606 http://secunia.com/advisories/62828 https://exchange.xforce.ibmcloud.com/vulnerabilities/99125 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/archive/1/534153/100/0/threaded https://access.redhat.com/errata/RHSA-2014:2021 https://nvd.nist.gov https://usn.ubuntu.com/2434-1/

CVE-2014-9029

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect