Bug 1117328 (CVE-2018-19543) - VUL-1: CVE-2018-19543: jasper: An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
Status: RESOLVED FIXED
Alias: CVE-2018-19543
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/219639/
Whiteboard: CVSSv3:SUSE:CVE-2018-19543:5.1:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-26 13:53 UTC by Marcus Meissner
Modified: 2023-12-20 14:50 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
jasper_bug_1.jp2 (442.17 KB, image/jp2)
2018-11-26 13:56 UTC, Marcus Meissner

Description Marcus Meissner 2018-11-26 13:53:58 UTC
CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read
of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19543
Comment 1 Marcus Meissner 2018-11-26 13:54:36 UTC
https://github.com/mdadams/jasper/issues/182
Comment 2 Marcus Meissner 2018-11-26 13:56:54 UTC
Created attachment 790882
jasper_bug_1.jp2

QA REPRODUCER:

valgrind jasper --input jasper_bug_1.jp2 --output foo.jpg

should not show
==28660== Invalid read of size 8
==28660==    at 0x4E46ACF: jas_image_depalettize (in /usr/lib64/libjasper.so.1.0.0)
==28660==    by 0x4E51FFB: jp2_decode (in /usr/lib64/libjasper.so.1.0.0)
==28660==    by 0x4E4657C: jas_image_decode (in /usr/lib64/libjasper.so.1.0.0)
==28660==    by 0x4012D0: ??? (in /usr/bin/jasper)
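
The QA reproducer from comment 2, turned into a pass/fail regression check. This is an example added here, not part of the bug report or the JasPer project; the function names `log_shows_jp2_overread`, `sample_log` and `check_reproducer` are hypothetical, and `check_reproducer` assumes valgrind and the jasper CLI are installed.

```shell
#!/bin/sh
# Added example (not from the bug report): the QA reproducer as a pass/fail check.

# Exit 0 if the valgrind log on stdin has an "Invalid read" error whose call
# stack passes through jp2_decode, else 1.
log_shows_jp2_overread() {
    awk '
        /^==[0-9]+== Invalid read of size/ { in_stack = 1; next }
        # The access stack ends at the "Address ..." line or a blank record line.
        /^==[0-9]+== +Address / || /^==[0-9]+== *$/ { in_stack = 0; next }
        in_stack && /(at|by) 0x[0-9A-Fa-f]+: jp2_decode / { found = 1 }
        END { exit !found }
    '
}

# The trace quoted in comment 2, used as sample input.
sample_log() {
    cat <<'EOF'
==28660== Invalid read of size 8
==28660==    at 0x4E46ACF: jas_image_depalettize (in /usr/lib64/libjasper.so.1.0.0)
==28660==    by 0x4E51FFB: jp2_decode (in /usr/lib64/libjasper.so.1.0.0)
==28660==    by 0x4E4657C: jas_image_decode (in /usr/lib64/libjasper.so.1.0.0)
==28660==    by 0x4012D0: ??? (in /usr/bin/jasper)
EOF
}

# Run the reproducer on a sample file; return 0 when the over-read is absent
# (fixed build), 1 when it is still reported, 2 on setup failure.
# Assumes valgrind and the jasper CLI are installed.
check_reproducer() {
    tmp=$(mktemp -d) || return 2
    valgrind --log-file="$tmp/vg.log" \
        jasper --input "$1" --output "$tmp/out.jpg" >/dev/null 2>&1
    if [ ! -s "$tmp/vg.log" ]; then rm -rf "$tmp"; return 2; fi
    if log_shows_jp2_overread < "$tmp/vg.log"; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}
```

`check_reproducer jasper_bug_1.jp2` returns 0 on a build where the trace above no longer appears. The log is matched on the error's call stack rather than on jasper's exit code, since the decoder may reject the file either way.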
Comment 4 Michael Vetter 2020-06-29 07:26:49 UTC
This seems to be a duplicate of bsc#1045450 - (CVE-2017-9782).
Fix: https://github.com/MaxKellermann/jasper/commit/839b1bcf0450ff036c28e8db40a7abf886e02891

Will backport once we have all fixes in our new upstream.
Comment 5 Michael Vetter 2020-08-17 09:41:45 UTC
Fix https://github.com/MaxKellermann/jasper/commit/839b1bcf0450ff036c28e8db40a7abf886e02891

jasper-CVE-2018-19543-CVE-2017-9782.patch in home:mvetter:jasper-cves.
Will submit once more issues are fixed.
Comment 8 Swamp Workflow Management 2020-09-21 13:16:38 UTC
SUSE-SU-2020:2690-1: An update that fixes 17 vulnerabilities is now available.

Category: security (low)
Bug References: 1010786,1010979,1010980,1011829,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1092115,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9397,CVE-2016-9398,CVE-2016-9399,CVE-2016-9557,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9154,CVE-2018-9252
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    jasper-1.900.14-195.22.1
SUSE Linux Enterprise Server 12-SP5 (src):    jasper-1.900.14-195.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-09-21 13:23:39 UTC
SUSE-SU-2020:2689-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    jasper-2.0.14-3.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-09-24 16:19:20 UTC
openSUSE-SU-2020:1517-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    jasper-2.0.14-lp151.4.9.1
Comment 11 Swamp Workflow Management 2020-09-25 10:19:22 UTC
openSUSE-SU-2020:1523-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    jasper-2.0.14-lp152.7.3.1
Comment 12 Carlos López 2022-09-16 13:57:29 UTC
Done, closing.
Comment 13 OBSbugzilla Bot 2023-10-30 19:35:15 UTC
This is an autogenerated message for OBS integration:
This bug (1117328) was mentioned in
https://build.opensuse.org/request/show/1121278 Factory / jasper