FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-9029

This CVE name corresponds to:

Entered Topic
2016-02-20 jasper -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-9029 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-9029
Phase Assigned(20141120)

Description

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

References

Source Reference
BUGTRAQ 20141204 [oCERT-2014-009] JasPer input sanitization errors
MLIST [oss-security] 20141204 [oCERT-2014-009] JasPer input sanitization errors
MISC http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html
MISC http://www.ocert.org/advisories/ocert-2014-009.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1167537
CONFIRM http://advisories.mageia.org/MGASA-2014-0514.html
DEBIAN DSA-3089
MANDRIVA MDVSA-2014:247
MANDRIVA MDVSA-2015:159
REDHAT RHSA-2014:2021
REDHAT RHSA-2015:0698
UBUNTU USN-2434-1
UBUNTU USN-2434-2
BID 71476
SECUNIA 61747
XF jasper-cve20149029-bo(99125)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.