[v3.0] jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (CVE-2014-9029)
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
References:
http://seclists.org/oss-sec/2014/q4/898
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
PATCH: https://bugzilla.redhat.com/attachment.cgi?id=961994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
(from redmine: issue id 3782, created on 2015-01-27, closed on 2015-09-21)
- Relations:
- parent #3779 (closed)
- Changesets:
- Revision d7c2a3a2 by Natanael Copa on 2015-09-21T08:45:30Z:
main/jasper: security fix for CVE-2014-9029
ref #3779
fixes #3782
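
The off-by-one component number check described above, shown beside a corrected check. This is an added illustration, not JasPer's code or the referenced patch; the struct and function names and the simplified segment body layout (component index followed by one value byte) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified decoder state: one entry per image component. */
struct comp_params { uint8_t roishift; };
struct decoder {
    unsigned numcomps;            /* valid indices are 0 .. numcomps-1 */
    struct comp_params *comps;    /* heap array of numcomps entries */
};

/* Off-by-one form: only rejects compno > numcomps, so compno == numcomps
 * passes and would index one element past the end of the array. */
int compno_valid_offbyone(const struct decoder *d, unsigned compno)
{
    return !(compno > d->numcomps);
}

/* Corrected form: compno must be strictly less than numcomps. */
int compno_valid(const struct decoder *d, unsigned compno)
{
    return compno < d->numcomps;
}

/* Read the component index of a COC/RGN/QCC-style segment body: one byte
 * when the image has at most 256 components, otherwise two bytes big-endian.
 * Returns 0 on success, -1 if the body is too short. */
int read_compno(const uint8_t *body, size_t len, unsigned numcomps,
                unsigned *compno)
{
    size_t width = (numcomps <= 256) ? 1 : 2;
    if (len < width)
        return -1;
    *compno = (width == 1) ? body[0] : ((unsigned)body[0] << 8) | body[1];
    return 0;
}

/* Apply a per-component setting only after the index has been checked.
 * Assumed body layout for this example: index, then one value byte. */
int set_roishift(struct decoder *d, const uint8_t *body, size_t len)
{
    unsigned compno;
    size_t width = (d->numcomps <= 256) ? 1 : 2;
    if (read_compno(body, len, d->numcomps, &compno) != 0 || len < width + 1)
        return -1;
    if (!compno_valid(d, compno))
        return -1;                /* names a component that does not exist */
    d->comps[compno].roishift = body[width];
    return 0;
}
```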