CVE-2014-9029
Published: 4 December 2014
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript | lucid | Released (8.71.dfsg.1-0ubuntu5.6) |
ghostscript | precise | Not vulnerable (uses system jasper) |
ghostscript | trusty | Does not exist (trusty was not-affected [uses system jasper]) |
ghostscript | upstream | Needs triage |
ghostscript | utopic | Not vulnerable (uses system jasper) |
jasper | lucid | Ignored (end of life) |
jasper | precise | Released (1.900.1-13ubuntu0.1) |
jasper | trusty | Released (1.900.1-14ubuntu3.1) |
jasper | upstream | Released (1.900.1-debian1-2.2) |
jasper | utopic | Released (1.900.1-debian1-2ubuntu0.1) |