Arch Linux Security Advisory ASA-201412-22 ========================================== Severity: Critical Date : 2014-12-19 CVE-ID : jasper Package : CVE-2014-8137 CVE-2014-9029 CVE-2011-4516 CVE-2011-4517 Type : arbitrary code execution, denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The package jasper before version 1.900.1-12 is vulnerable to arbitrary code execution and denial of service. Resolution ========== Upgrade to 1.900.1-12. # pacman -Syu "jasper>=1.900.1-12" The problems have not been fixed upstream but patches were added. Workaround ========== None. Description =========== - CVE-2014-8137 (arbitrary code execution) A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. - CVE-2014-9029 (arbitrary code execution) Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. - CVE-2011-4516 (arbitrary code execution) Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. - CVE-2011-4517 (arbitrary code execution) The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. Impact ====== An attacker is able to execute arbitrary code or perform a denial of service attack via various vulnerabilities. References ========== https://marc.info/?l=oss-security&m=141770163916268&w=2 https://marc.info/?l=oss-security&m=141891163026757&w=2 https://access.redhat.com/security/cve/CVE-2014-8137 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9029 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4516 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4517 https://bugs.archlinux.org/task/43044 https://bugs.archlinux.org/task/43155