Description
ELSA-2014-2021: jasper security update (IMPORTANT)
[1.900.1-16.2]
- CVE-2014-8137 - double-free in jas_iccattrval_destroy (#1173566)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)
[1.900.1-16.1]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171208)
[1.900.1-16]
- CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution (#749150)
Updated packages
Oracle Linux 6
Oracle Linux x86_64
jasper          1.900.1-16.el6_6.2
jasper-devel    1.900.1-16.el6_6.2
jasper-libs     1.900.1-16.el6_6.2
jasper-utils    1.900.1-16.el6_6.2
Oracle Linux i686
jasper          1.900.1-16.el6_6.2
jasper-devel    1.900.1-16.el6_6.2
jasper-libs     1.900.1-16.el6_6.2
jasper-utils    1.900.1-16.el6_6.2
Oracle Linux 7
Oracle Linux x86_64
jasper          1.900.1-26.el7_0.2
jasper-devel    1.900.1-26.el7_0.2
jasper-libs     1.900.1-26.el7_0.2
jasper-utils    1.900.1-26.el7_0.2
Related CVEs
Related vulnerabilities
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.