[v2.7] jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (CVE-2014-9029)
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
References:
http://seclists.org/oss-sec/2014/q4/898
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
PATCH: https://bugzilla.redhat.com/attachment.cgi?id=961994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
(from redmine: issue id 3781, created on 2015-01-27, closed on 2015-09-21)
- Relations:
- parent #3779 (closed)
- Changesets:
- Revision a3c4e58a by Natanael Copa on 2015-09-21T09:24:58Z:
main/jasper: security fix for CVE-2014-9029
ref #3779
fixes #3781
(cherry picked from commit a3c611fae92fca14cdae49707d4c798def7df413)
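
The class of bug described above, as an added example (a simplified model, not JasPer's code or the patch itself, which this page only links to): a marker-segment handler that indexes a per-component table must reject a component number equal to the component count. The names `coc_apply`, `compno_ok`, `compno_ok_offbyone` and the `styles` table are hypothetical, and the `>` form of the flawed check is an assumption about its shape; the component field width (1 byte for up to 256 components, otherwise 2 bytes big-endian) follows the JPEG 2000 codestream syntax.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { COC_OK = 0, COC_TRUNCATED = -1, COC_BAD_COMPNO = -2 };

/* Off-by-one form: only rejects compno > numcomps, so compno == numcomps
 * passes even though the table has valid indices 0..numcomps-1. */
int compno_ok_offbyone(uint32_t compno, uint32_t numcomps) {
    return !(compno > numcomps);
}

/* Corrected form: the index must be strictly below the count. */
int compno_ok(uint32_t compno, uint32_t numcomps) {
    return compno < numcomps;
}

/* Parse a simplified COC-style body: component number, then one style byte.
 * `styles` must hold numcomps entries; nothing is written on rejection. */
int coc_apply(const uint8_t *body, size_t len, uint8_t *styles, uint32_t numcomps) {
    size_t idlen = (numcomps <= 256) ? 1 : 2;
    uint32_t compno;

    if (len < idlen + 1)
        return COC_TRUNCATED;            /* not enough bytes for id + style */
    if (idlen == 1)
        compno = body[0];
    else
        compno = ((uint32_t)body[0] << 8) | body[1];
    if (!compno_ok(compno, numcomps))
        return COC_BAD_COMPNO;           /* would index past the table */
    styles[compno] = body[idlen];
    return COC_OK;
}

int main(void) {
    uint8_t styles[3] = {0, 0, 0};
    const uint8_t at_limit[] = {3, 1};   /* constructed input: compno == numcomps */
    const uint8_t in_range[] = {2, 1};   /* constructed input: last valid component */

    printf("off-by-one check accepts compno 3 of 3: %d\n", compno_ok_offbyone(3, 3));
    printf("corrected parser, compno 3 of 3: %d\n", coc_apply(at_limit, 2, styles, 3));
    printf("corrected parser, compno 2 of 3: %d\n", coc_apply(in_range, 2, styles, 3));
    return 0;
}
```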