Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:14627-1

Опубликовано: 16 фев. 2021
Источник: suse-cvrf

Описание

Security update for jasper

This update for jasper fixes the following issues:

  • bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
  • bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
libjasper-1.900.14-134.33.20.1
SUSE Linux Enterprise Server 11 SP4-LTSS
libjasper-1.900.14-134.33.20.1
libjasper-32bit-1.900.14-134.33.20.1

Ссылки

Описание

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libjasper-1.900.14-134.33.20.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libjasper-1.900.14-134.33.20.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libjasper-32bit-1.900.14-134.33.20.1
Ссылки

Описание

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libjasper-1.900.14-134.33.20.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libjasper-1.900.14-134.33.20.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libjasper-32bit-1.900.14-134.33.20.1
Ссылки