jasper: arbitrary code execution

2015-01-27T00:00:00
ID ASA-201501-23
Type archlinux
Reporter Arch Linux
Modified 2015-01-27T00:00:00

Description

  • CVE-2014-8157 (arbitrary code execution)

Off-by-one error in the jpc_dec_process_sot function allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

  • CVE-2014-8158 (arbitrary code execution)

Multiple stack-based buffer overflows in jpc_qmfb.c allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.