oCERT-2015-001 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow.

A specially crafted jp2 file can be used to trigger the vulnerabilities.

Affected version:

JasPer <= 1.900.1

Fixed version:

JasPer, N/A

Credit: vulnerability report received from <pyddeh@gmail.com>.

CVE: CVE-2014-8157 (off-by-one heap buffer overflow), CVE-2014-8158 (stack overflow)

Timeline:

2015-01-06: vulnerability report received
2015-01-06: contacted affected vendors, assigned CVEs
2015-01-21: advisory release

References:
http://www.ece.uvic.ca/~frodo/jasper