JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
BID:24052
Info
| Bugtraq ID: | 24052 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-2721 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 30 2007 12:00AM |
| Updated: | Apr 19 2010 12:32PM |
| Credit: | Sami Liedes is credited with the discovery of this vulnerability. |
| Vulnerable: | Ubuntu Ubuntu Linux 7.10 sparc; Ubuntu Ubuntu Linux 7.10 powerpc; Ubuntu Ubuntu Linux 7.10 i386; Ubuntu Ubuntu Linux 7.10 amd64; Ubuntu Ubuntu Linux 7.04 sparc; Ubuntu Ubuntu Linux 7.04 powerpc; Ubuntu Ubuntu Linux 7.04 i386; Ubuntu Ubuntu Linux 7.04 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Turbolinux wizpy 0; Turbolinux Turbolinux Server 10.0; Turbolinux Turbolinux Server 10.0.0 x64; Turbolinux Turbolinux Desktop 10.0; Turbolinux Turbolinux FUJI; Turbolinux Turbolinux 10 F...; TurboLinux Personal; TurboLinux Multimedia; Turbolinux Home; Turbolinux FUJI 0; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux Desktop version 4; Redhat Enterprise Linux 5 Server; Netpbm Netpbm 10.29; Netpbm Netpbm 10.34; Mandriva Linux Mandrake 2009.1 x86_64; Mandriva Linux Mandrake 2009.1; Mandriva Linux Mandrake 2009.0 x86_64; Mandriva Linux Mandrake 2009.0; Mandriva Linux Mandrake 2008.1 x86_64; Mandriva Linux Mandrake 2008.1; Mandriva Linux Mandrake 2008.0 x86_64; Mandriva Linux Mandrake 2008.0; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 4.0; JasPer JasPer 1.900.1; JasPer JasPer 1.900; JasPer JasPer 1.701; Debian Linux 5.0 sparc; Debian Linux 5.0 s/390; Debian Linux 5.0 powerpc; Debian Linux 5.0 mipsel; Debian Linux 5.0 mips; Debian Linux 5.0 m68k; Debian Linux 5.0 ia-64; Debian Linux 5.0 ia-32; Debian Linux 5.0 hppa; Debian Linux 5.0 armel; Debian Linux 5.0 arm; Debian Linux 5.0 amd64; Debian Linux 5.0 alpha; Debian Linux 5.0; Aladdin Enterprises Ghostscript 8.50 |
| Not Vulnerable: | |
Discussion
JasPer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted JP2 files.
An attacker may exploit this issue by enticing victims to open a maliciously crafted file.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
This issue affects JasPer 1.900 and 1.900.1; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious 'JP2' file using the affected application.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Debian Linux 5.0 alpha
- Debian libjasper-dev_1.900.1-5.1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_alpha.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_alpha.deb
- Debian libjasper1_1.900.1-5.1+lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_alpha.deb
Mandriva Linux Mandrake 2008.0 x86_64
- Mandriva jasper-1.900.1-2.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-1.900.1-2.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-devel-1.900.1-2.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-static-devel-1.900.1-2.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
- Mandriva jasper-1.900.1-2.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-1.900.1-2.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-devel-1.900.1-2.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-static-devel-1.900.1-2.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 mipsel
- Debian libjasper-dev_1.900.1-5.1+lenny1_mipsel.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mipsel.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_mipsel.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mipsel.deb
- Debian libjasper1_1.900.1-5.1+lenny1_mipsel.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mipsel.deb
Debian Linux 5.0 armel
- Debian libjasper-dev_1.900.1-5.1+lenny1_armel.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_armel.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_armel.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_armel.deb
- Debian libjasper1_1.900.1-5.1+lenny1_armel.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_armel.deb
Mandriva Linux Mandrake 2009.0 x86_64
- Mandriva jasper-1.900.1-4.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-1.900.1-4.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-devel-1.900.1-4.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-static-devel-1.900.1-4.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 mips
- Debian libjasper-dev_1.900.1-5.1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mips.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mips.deb
- Debian libjasper1_1.900.1-5.1+lenny1_mips.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mips.deb
Mandriva Linux Mandrake 2009.1
- Mandriva jasper-1.900.1-5.1mdv2009.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper-devel-1.900.1-5.1mdv2009.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper-static-devel-1.900.1-5.1mdv2009.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-1.900.1-5.1mdv2009.1.i586.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 sparc
- Debian libjasper-dev_1.900.1-5.1+lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_sparc.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_sparc.deb
- Debian libjasper1_1.900.1-5.1+lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_sparc.deb
Mandriva Linux Mandrake 2008.1 x86_64
- Mandriva jasper-1.900.1-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-1.900.1-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-devel-1.900.1-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-static-devel-1.900.1-3.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
- Mandriva jasper-1.900.1-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-1.900.1-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-devel-1.900.1-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-static-devel-1.900.1-3.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2009.1 x86_64
- Mandriva jasper-1.900.1-5.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper-devel-1.900.1-5.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper-static-devel-1.900.1-5.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-1.900.1-5.1mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
MandrakeSoft Enterprise Server 5 x86_64
- Mandriva jasper-1.900.1-4.2mdvmes2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-1.900.1-4.2mdvmes2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-devel-1.900.1-4.2mdvmes2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1-static-devel-1.900.1-4.2mdvmes2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 ia-32
- Debian libjasper-dev_1.900.1-5.1+lenny1_i386.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_i386.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_i386.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_i386.deb
- Debian libjasper1_1.900.1-5.1+lenny1_i386.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_i386.deb
MandrakeSoft Enterprise Server 5
- Mandriva jasper-1.900.1-4.2mdvmes2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-1.900.1-4.2mdvmes2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-devel-1.900.1-4.2mdvmes2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-static-devel-1.900.1-4.2mdvmes2009.0.i586.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 s/390
- Debian libjasper-dev_1.900.1-5.1+lenny1_s390.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_s390.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_s390.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_s390.deb
- Debian libjasper1_1.900.1-5.1+lenny1_s390.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_s390.deb
Debian Linux 5.0 hppa
- Debian libjasper-dev_1.900.1-5.1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_hppa.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_hppa.deb
- Debian libjasper1_1.900.1-5.1+lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_hppa.deb
Mandriva Linux Mandrake 2009.0
- Mandriva jasper-1.900.1-4.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-1.900.1-4.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-devel-1.900.1-4.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1-static-devel-1.900.1-4.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 arm
- Debian libjasper-dev_1.900.1-5.1+lenny1_arm.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_arm.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_arm.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_arm.deb
- Debian libjasper1_1.900.1-5.1+lenny1_arm.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_arm.deb
MandrakeSoft Corporate Server 4.0
- Mandriva jasper-1.701.0-3.1.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1.701_1-1.701.0-3.1.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1.701_1-devel-1.701.0-3.1.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libjasper1.701_1-static-devel-1.701.0-3.1.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/
Debian Linux 5.0 amd64
- Debian libjasper-dev_1.900.1-5.1+lenny1_amd64.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_amd64.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_amd64.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_amd64.deb
- Debian libjasper1_1.900.1-5.1+lenny1_amd64.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_amd64.deb
Debian Linux 5.0 powerpc
- Debian libjasper-dev_1.900.1-5.1+lenny1_powerpc.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_powerpc.deb
- Debian libjasper-runtime_1.900.1-5.1+lenny1_powerpc.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_powerpc.deb
- Debian libjasper1_1.900.1-5.1+lenny1_powerpc.deb
  http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_powerpc.deb
MandrakeSoft Corporate Server 4.0 x86_64
- Mandriva jasper-1.701.0-3.1.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1.701_1-1.701.0-3.1.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1.701_1-devel-1.701.0-3.1.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64jasper1.701_1-static-devel-1.701.0-3.1.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/
References
References:
- JasPer Homepage (Michael Adams)