[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oCERT-2015-001] JasPer input sanitization errors

To: oss-security@xxxxxxxxxxxxxxxxxx, ocert-announce@xxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [oCERT-2015-001] JasPer input sanitization errors
From: Andrea Barisani <lcars@xxxxxxxxx>
Date: Thu, 22 Jan 2015 00:28:48 +0100

#2015-001 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by an off-by-one error in a buffer boundary check in
jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as
multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack
overflow.

A specially crafted JPEG-2000 file can be used to trigger the vulnerabilities.

Affected version:

JasPer <= 1.900.1

Fixed version:

JasPer, N/A

Credit: vulnerability report received from <pyddeh@xxxxxxxxx>.

CVE: CVE-2014-8157 (off-by-one heap buffer overflow),
     CVE-2014-8158 (stack overflow)

Timeline:
2015-01-06: vulnerability report received
2015-01-06: contacted affected vendors, assigned CVEs
2015-01-21: advisory release

References:
http://www.ece.uvic.ca/~frodo/jasper

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | OSS Computer Security Incident Response Team

<lcars@xxxxxxxxx>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"

Prev by Date: [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
Next by Date: PhotoSync v1.1.3 Android - Command Inject Vulnerability
Previous by thread: [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
Next by thread: PhotoSync v1.1.3 Android - Command Inject Vulnerability
Index(es):
- Date
- Thread