Description
Security update for jasper
This update for jasper fixes the following issues:
Security issues fixed:
- CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994)
- CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975)
- CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968)
- CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774)
- CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782)
- CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958)
CVEs already fixed with previous update:
- CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757)
- CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766)
- CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
References
- Link for SUSE-SU-2017:1916-1
- E-Mail link for SUSE-SU-2017:1916-1
- SUSE Security Ratings
- SUSE Bug 1009994
- SUSE Bug 1010756
- SUSE Bug 1010757
- SUSE Bug 1010766
- SUSE Bug 1010774
- SUSE Bug 1010782
- SUSE Bug 1010968
- SUSE Bug 1010975
- SUSE Bug 1047958
- SUSE CVE CVE-2016-9262 page
- SUSE CVE CVE-2016-9388 page
- SUSE CVE CVE-2016-9389 page
- SUSE CVE CVE-2016-9390 page
- SUSE CVE CVE-2016-9391 page
- SUSE CVE CVE-2016-9392 page
- SUSE CVE CVE-2016-9393 page
- SUSE CVE CVE-2016-9394 page
Description
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
Affected products
References
- CVE-2016-9262
- SUSE Bug 1009994
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
Affected products
References
- CVE-2016-9388
- SUSE Bug 1010975
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
Affected products
References
- CVE-2016-9389
- SUSE Bug 1010968
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
Affected products
References
- CVE-2016-9390
- SUSE Bug 1010774
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
Affected products
References
- CVE-2016-9391
- SUSE Bug 1010782
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
Affected products
References
- CVE-2016-9392
- SUSE Bug 1010757
- SUSE Bug 1178702
Description
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
Affected products
References
- CVE-2016-9393
- SUSE Bug 1010757
- SUSE Bug 1010766
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
Affected products
References
- CVE-2016-9394
- SUSE Bug 1010756
- SUSE Bug 1010757
- SUSE Bug 1078851
- SUSE Bug 1178702
Description
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode, which failed to check whether the image contained at least one component, resulting in a denial of service.
Affected products
References
- CVE-2017-1000050
- SUSE Bug 1047958
- SUSE Bug 1078851
- SUSE Bug 1178702