Description
ELSA-2015-0074: jasper security update (IMPORTANT)
[1.900.1-16.3]
- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183671)
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183679)
Updated packages
Oracle Linux 6
Oracle Linux x86_64
jasper          1.900.1-16.el6_6.3
jasper-devel    1.900.1-16.el6_6.3
jasper-libs     1.900.1-16.el6_6.3
jasper-utils    1.900.1-16.el6_6.3
Oracle Linux i686
jasper          1.900.1-16.el6_6.3
jasper-devel    1.900.1-16.el6_6.3
jasper-libs     1.900.1-16.el6_6.3
jasper-utils    1.900.1-16.el6_6.3
Oracle Linux sparc64
jasper          1.900.1-16.el6_6.3
jasper-devel    1.900.1-16.el6_6.3
jasper-libs     1.900.1-16.el6_6.3
jasper-utils    1.900.1-16.el6_6.3
Oracle Linux 7
Oracle Linux x86_64
jasper          1.900.1-26.el7_0.3
jasper-devel    1.900.1-26.el7_0.3
jasper-libs     1.900.1-26.el7_0.3
jasper-utils    1.900.1-26.el7_0.3
Related CVEs
Related vulnerabilities
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 ...