| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability 11345
JasPer: buffer overflow via Quantization
Synthesis of the vulnerability
| An attacker can create a JPEG 2000 image, and invite the victim to open it with an application linked to JasPer, in order to create a buffer overflow, which leads to a denial of service or to code execution. |
Severity: 3/4.
Creation date: 08/02/2012.
|
Impacted products
Description of the vulnerability
The JasPer library implements the processing of JPEG-2000 Part-1 images.
The quantization stage in the compression of a JPEG image ignores high frequency components (small variations).
The jpc_dec_cp_setfromqcx() function of the src/libjasper/jpc/jpc_dec.c file copies quantization information. However, an overflow can occur.
An attacker can therefore create a JPEG 2000 image, and invite the victim to open it with an application linked to JasPer, in order to create a buffer overflow, which leads to a denial of service or to code execution. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: JasPer: buffer overflow via Quantization.
Keywords: 2000 JPEG JPEG-2000 JasPer Part-1 Quantization buffer jpc_dec jpc_dec_cp_setfromqcx overflow.
Identifiers: SA47175, VIGILANCE-VUL-11345.
Pointed by: VIGILANCE-VUL-11346.
|
Information sources
Computer vulnerabilities tracking service
Vigil@nce provides an application vulnerability announce. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
|
