FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jasper -- multiple vulnerabilities

Affected packages
jasper < 1.900.1_16

Details

VuXML ID 006e3b7c-d7d7-11e5-b85f-0018fe623f2b
Discovery 2014-12-10
Entry 2016-02-20
Modified 2016-02-24

oCERT reports:

The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities.

oCERT reports:

The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted jp2 file can be used to trigger the vulnerabilities.

oCERT reports:

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

limingxing reports:

A vulnerability was found in the way the JasPer's jas_matrix_clip() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

References

CVE Name CVE-2014-8137
CVE Name CVE-2014-8138
CVE Name CVE-2014-8157
CVE Name CVE-2014-8158
CVE Name CVE-2014-9029
CVE Name CVE-2016-2089
URL http://seclists.org/oss-sec/2016/q1/233
URL http://www.ocert.org/advisories/ocert-2014-009.html
URL http://www.ocert.org/advisories/ocert-2014-012.html
URL http://www.ocert.org/advisories/ocert-2015-001.html
URL https://bugzilla.redhat.com/show_bug.cgi?id=1167537
URL https://bugzilla.redhat.com/show_bug.cgi?id=1173157
URL https://bugzilla.redhat.com/show_bug.cgi?id=1173162
URL https://bugzilla.redhat.com/show_bug.cgi?id=1179282
URL https://bugzilla.redhat.com/show_bug.cgi?id=1302636