Bugzilla – Bug 909475
VUL-0: CVE-2014-8138: libjasper: heap overflow in jas_decode()
Last modified: 2016-10-18 10:20:59 UTC
via distros: CRD: 2014-12-18, 15:00 CET

Heap overflow in jas_decode()

This code in jas_decode doesn't check for an upper bound on the value of channo (in this case 0xFFFF):

    jas_image_setcmpttype(dec->image,
        dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
        jp2_getct(jas_image_clrspc(dec->image),
            dec->cdef->data.cdef.ents[i].type,
            dec->cdef->data.cdef.ents[i].assoc));

This could be used via jas_image_setcmpttype (actually this is just image->cmpts_[cmptno]->type_ = type), to do an arbitrary write since there's no bound check there either.

As in our recent libjasper report we would welcome a contributed patch as well as CVE assignment.
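Added example, not part of the original report and not the jasper sources or the attached patch: a reduced C model of the pattern described above, with the unchecked lookup beside a form that validates both indices before the write. The struct layouts, the names numchans, numcmpts, apply_cdef_unchecked, apply_cdef_checked and try_channo, and the sample values are assumptions made for illustration; the component type is passed in directly instead of being computed by jp2_getct.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the decoder state; not jasper's real structs. */
typedef struct { uint16_t channo, type, assoc; } cdef_ent_t;
typedef struct { int type_; } cmpt_t;
typedef struct {
    cmpt_t   *cmpts;          /* image components (image->cmpts_ in the report) */
    size_t    numcmpts;       /* number of components (assumed name) */
    uint16_t *chantocmptlut;  /* channel number -> component number */
    size_t    numchans;       /* entries in chantocmptlut (assumed name) */
} dec_t;

/* Pattern from the report: channo comes from the file and indexes the table
 * with no upper bound, and the value read back selects the write target.
 * Shown for contrast only; nothing in this example calls it. */
void apply_cdef_unchecked(dec_t *dec, const cdef_ent_t *e, int type)
{
    dec->cmpts[dec->chantocmptlut[e->channo]].type_ = type;
}

/* Hardened form: check the table index, then the component index.
 * Returns 0 on success, -1 if the cdef entry must be rejected. */
int apply_cdef_checked(dec_t *dec, const cdef_ent_t *e, int type)
{
    if (e->channo >= dec->numchans)
        return -1;                    /* index outside the lookup table */
    size_t cmptno = dec->chantocmptlut[e->channo];
    if (cmptno >= dec->numcmpts)
        return -1;                    /* table entry names no component */
    dec->cmpts[cmptno].type_ = type;
    return 0;
}

/* Constructed sample: three channels and components. Returns the type
 * written for an accepted channo, or -1 when the entry is rejected. */
int try_channo(uint16_t channo)
{
    cmpt_t cmpts[3] = {{0}, {0}, {0}};
    uint16_t lut[3] = {2, 0, 1};
    dec_t dec = { cmpts, 3, lut, 3 };
    cdef_ent_t e = { channo, 0, 1 };
    int rc = apply_cdef_checked(&dec, &e, 7);
    return rc == 0 ? cmpts[lut[channo]].type_ : -1;
}
```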
Created attachment 616747 [details] reproducer
bugbot adjusting priority
Created attachment 617650 [details] jasper2.patch this patch seems to fix it
public
submitted for SLE and opensuse
This is an autogenerated message for OBS integration: This bug (909475) was mentioned in https://build.opensuse.org/request/show/265905 Factory / jasper
This is an autogenerated message for OBS integration: This bug (909475) was mentioned in
https://build.opensuse.org/request/show/266163 13.1 / jasper
https://build.opensuse.org/request/show/266164 13.2 / jasper
https://build.opensuse.org/request/show/266165 12.3 / jasper
SUSE-SU-2015:0016-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 906364,909474,909475
CVE References: CVE-2014-8137,CVE-2014-9029
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): jasper-1.900.1-166.1
SUSE Linux Enterprise Server 12 (src): jasper-1.900.1-166.1
SUSE Linux Enterprise Desktop 12 (src): jasper-1.900.1-166.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-01-23. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60167
openSUSE-SU-2015:0038-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 909474,909475
CVE References: CVE-2014-8137
Sources used:
openSUSE 13.2 (src): jasper-1.900.1-163.9.1

openSUSE-SU-2015:0039-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 909474,909475
CVE References: CVE-2014-8137
Sources used:
openSUSE 12.3 (src): jasper-1.900.1-156.9.1

openSUSE-SU-2015:0042-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 909474,909475
CVE References: CVE-2014-8137
Sources used:
openSUSE 13.1 (src): jasper-1.900.1-160.9.1
SUSE-SU-2015:0258-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 909474,909475,911837
CVE References: CVE-2014-8137,CVE-2014-8138
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): jasper-1.900.1-134.17.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): jasper-1.900.1-134.17.1
SUSE Linux Enterprise Server 11 SP3 (src): jasper-1.900.1-134.17.1
SUSE Linux Enterprise Desktop 11 SP3 (src): jasper-1.900.1-134.17.1
released