Multiple vulnerabilities have been reported in JasPer, which can be exploited by malicious people to compromise an application using the library.
1) An error in the "jpc_cox_getcompparms()" function (src/libjasper/jpc/jpc_cs.c) when processing a coding style default (COD) marker segment can be exploited to overwrite a certain callback function pointer.
2) An error in the "jpc_crg_getparms()" function (src/libjasper/jpc/jpc_cs.c) when processing a component registration (CRG) marker segment can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the "jpc_dec_cp_setfromqcx()" function (src/libjasper/jpc/jpc_dec.c) when copying the Quantization Default (QCD) marker segment can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG2000 (JP2) file using a scalar quantization style.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in version 1.900.1. Other versions may also be affected.
Solution: Do not process files from untrusted sources.
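Where JPEG 2000 input has to be accepted, a structural check of the COD, QCD and CRG marker segments named above can run before the data reaches the decoder. The routine below is an added example, not code from this advisory or from JasPer. Its function name and result codes are hypothetical, it expects a raw codestream (for a JP2 file, the contents of the codestream box), and its limits come from the JPEG 2000 codestream syntax (ISO/IEC 15444-1) rather than from the details of the flaws, so a file that passes is well-formed in these fields, not proven safe for an affected version.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes are this example's own, not JasPer API values. */
enum { J2K_OK, J2K_TRUNCATED, J2K_BAD_LAYOUT, J2K_BAD_COD, J2K_BAD_QCD, J2K_BAD_CRG };
static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Walk the main header (SOC up to the first SOT) and reject malformed COD/QCD/CRG. */
int j2k_main_header_check(const uint8_t *b, size_t n)
{
    size_t off = 2, csiz = 0;
    int have_cod = 0, have_qcd = 0;
    if (n < 4 || be16(b) != 0xFF4F) return J2K_BAD_LAYOUT;          /* SOC */
    for (;;) {
        if (n - off < 4) return J2K_TRUNCATED;
        unsigned marker = be16(b + off), len = be16(b + off + 2);
        const uint8_t *p = b + off + 4;           /* parameters after the length field */
        if ((off == 2) != (marker == 0xFF51)) return J2K_BAD_LAYOUT; /* SIZ first, once */
        if (marker == 0xFF90) return have_cod && have_qcd ? J2K_OK : J2K_BAD_LAYOUT; /* SOT */
        if (marker >> 8 != 0xFF || len < 2 || len > n - off - 2) return J2K_TRUNCATED;
        size_t plen = len - 2;                    /* parameter bytes in this segment */
        switch (marker) {
        case 0xFF51:                              /* SIZ: Csiz, then 3 bytes per component */
            if (plen < 36) return J2K_BAD_LAYOUT;
            csiz = be16(p + 34);
            if (csiz < 1 || csiz > 16384 || plen != 36 + 3 * csiz) return J2K_BAD_LAYOUT;
            break;
        case 0xFF52: {                            /* COD: levels, code-block size, precincts */
            if (plen < 10) return J2K_BAD_COD;
            unsigned nl = p[5], xcb = p[6], ycb = p[7];
            size_t want = 10 + ((p[0] & 1) ? nl + 1 : 0);   /* optional precinct sizes */
            if (nl > 32 || xcb + ycb > 8 || plen != want) return J2K_BAD_COD;
            have_cod = 1;
            break;
        }
        case 0xFF5C: {                            /* QCD: style decides bytes per subband */
            if (plen < 2) return J2K_BAD_QCD;
            unsigned style = p[0] & 0x1F;         /* 0 none, 1 derived, 2 expounded */
            size_t bands = style == 2 ? (plen - 1) / 2 : plen - 1;
            if (style > 2 || (style == 1 && plen != 3) || (style == 2 && plen % 2 == 0)
                || bands > 97) return J2K_BAD_QCD; /* 97 = 3 * 32 + 1 subbands */
            have_qcd = 1;
            break;
        }
        case 0xFF63:                              /* CRG: exactly 4 bytes per component */
            if (plen != 4 * csiz) return J2K_BAD_CRG;
            break;
        }
        off += 2 + (size_t)len;
    }
}
```

Any result other than J2K_OK should cause the file to be dropped before it is handed to the library.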
Provided and/or discovered by: 1, 2) US-CERT credits Jonathan Foote, CERT/CC.
3) Parvez Anwar via Secunia.
Original Advisory: US-CERT (VU#887409):