Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-9029
Description:Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
Test IDs: 1.3.6.1.4.1.25623.1.0.703089   1.3.6.1.4.1.25623.1.0.123214   1.3.6.1.4.1.25623.1.1.4.2015.0207.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-9029
BugTraq ID: 71476
http://www.securityfocus.com/bid/71476
Bugtraq: 20141204 [oCERT-2014-009] JasPer input sanitization errors (Google Search)
http://www.securityfocus.com/archive/1/534153/100/0/threaded
Debian Security Information: DSA-3089 (Google Search)
http://www.debian.org/security/2014/dsa-3089
http://www.mandriva.com/security/advisories?name=MDVSA-2014:247
http://www.mandriva.com/security/advisories?name=MDVSA-2015:159
http://packetstormsecurity.com/files/129393/JasPer-1.900.1-Buffer-Overflow.html
http://www.ocert.org/advisories/ocert-2014-009.html
http://www.openwall.com/lists/oss-security/2014/12/04/9
RedHat Security Advisories: RHSA-2014:2021
http://rhn.redhat.com/errata/RHSA-2014-2021.html
RedHat Security Advisories: RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/61747
http://secunia.com/advisories/62828
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-2434-1
http://www.ubuntu.com/usn/USN-2434-2
XForce ISS Database: jasper-cve20149029-bo(99125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99125




© 1998-2021 E-Soft Inc. All rights reserved.