CVE-2014-9029 (retired)

Priority
Description
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2)
jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and
earlier allow remote attackers to execute arbitrary code via a crafted jp2
file, which triggers a heap-based buffer overflow.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Package
Upstream:released (1.900.1-debian1-2.2)
More Information

Updated: 2019-09-19 15:51:19 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)