| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150121232848.GD6755@core.inversepath.com>
Date: Thu, 22 Jan 2015 00:28:48 +0100
From: Andrea Barisani <lcars@...rt.org>
To: oss-security@...ts.openwall.com, ocert-announce@...ts.ocert.org,
bugtraq@...urityfocus.com
Subject: [oCERT-2015-001] JasPer input sanitization errors
#2015-001 JasPer input sanitization errors
Description:
The JasPer project is an open source implementation for the JPEG-2000 codec.
The library is affected by an off-by-one error in a buffer boundary check in
jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as
multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack
overflow.
A specially crafted JPEG-2000 file can be used to trigger the vulnerabilities.
Affected version:
JasPer <= 1.900.1
Fixed version:
JasPer, N/A
Credit: vulnerability report received from <pyddeh@...il.com>.
CVE: CVE-2014-8157 (off-by-one heap buffer overflow),
CVE-2014-8158 (stack overflow)
Timeline:
2015-01-06: vulnerability report received
2015-01-06: contacted affected vendors, assigned CVEs
2015-01-21: advisory release
References:
http://www.ece.uvic.ca/~frodo/jasper
--
Andrea Barisani | Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team
<lcars@...rt.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
Powered by blists - more mailing lists