From ${URL} :

#2015-001 JasPer input sanitization errors

Description:
The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted JPEG-2000 file can be used to trigger the vulnerabilities.

Affected version: JasPer <= 1.900.1
Fixed version: JasPer, N/A
Credit: vulnerability report received from <pyddeh@...il.com>.
CVE: CVE-2014-8157 (off-by-one heap buffer overflow), CVE-2014-8158 (stack overflow)

Timeline:
2015-01-06: vulnerability report received
2015-01-06: contacted affected vendors, assigned CVEs
2015-01-21: advisory release

References:
http://www.ece.uvic.ca/~frodo/jasper

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
+*jasper-1.900.1-r9 (24 Jan 2015) + + 24 Jan 2015; Justin Lecher <jlec@gentoo.org> +jasper-1.900.1-r9.ebuild, + +files/jasper-CVE-2014-8157.patch, +files/jasper-CVE-2014-8158.patch: + Add fixes for CVE-2014-815{7,8}, #537530 +
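Review bot: The summary line "Add fixes for CVE-2014-815{7,8}, #537530" uses brace shorthand, so a text search of the ChangeLog for either full identifier (CVE-2014-8157 or CVE-2014-8158) will not match this entry. Spell out both CVE ids, as the two patch file names on the preceding line already do, so the entry can be found when auditing which revision carries each fix.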
@arches, please stabilize, target is media-libs/jasper-1.900.1-r9
Stable for HPPA.
amd64 stable
x86 stable
arm stable
ppc stable
CVE-2014-8158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8158):
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

CVE-2014-8157 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8157):
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
sparc stable
ppc64 stable
ia64 stable
alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
+ 24 Feb 2015; Justin Lecher <jlec@gentoo.org> -jasper-1.900.1-r8.ebuild: + Drop vulnerable version + Cleaned
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201503-01 at http://security.gentoo.org/glsa/glsa-201503-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).