Описание
Security update for jasper
This update for jasper to version 1.900.14 fixes several issues.
These security issues were fixed:
- CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836)
- CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599)
- CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009)
- CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598)
- CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597)
- CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593)
- CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591)
- CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242)
- CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090)
- CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084)
- CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373)
- CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983)
- CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886)
- CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553).
- CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919)
- CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410)
- jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839)
For additional change description please have a look at the changelog.
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2016:2833-1
- SUSE Security Ratings
Описание
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
Затронутые продукты
Ссылки
- CVE-2008-3522
- SUSE Bug 1178702
- SUSE Bug 392410
Описание
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
Затронутые продукты
Ссылки
- CVE-2014-8158
- SUSE Bug 1178702
- SUSE Bug 911837
Описание
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Затронутые продукты
Ссылки
- CVE-2015-5203
- SUSE Bug 1178702
- SUSE Bug 941919
- SUSE Bug 942553
Описание
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Затронутые продукты
Ссылки
- CVE-2015-5221
- SUSE Bug 1178702
- SUSE Bug 942553
Описание
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
Затронутые продукты
Ссылки
- CVE-2016-1577
- SUSE Bug 1178702
- SUSE Bug 968373
Описание
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
Затронутые продукты
Ссылки
- CVE-2016-1867
- SUSE Bug 1178702
- SUSE Bug 961886
Описание
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
Затронутые продукты
Ссылки
- CVE-2016-2089
- SUSE Bug 1178702
- SUSE Bug 963983
Описание
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
Затронутые продукты
Ссылки
- CVE-2016-2116
- SUSE Bug 1178702
- SUSE Bug 968373
Описание
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
Затронутые продукты
Ссылки
- CVE-2016-8690
- SUSE Bug 1005084
- SUSE Bug 1007009
- SUSE Bug 1178702
Описание
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
Затронутые продукты
Ссылки
- CVE-2016-8691
- SUSE Bug 1005090
- SUSE Bug 1178702
Описание
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
Затронутые продукты
Ссылки
- CVE-2016-8692
- SUSE Bug 1005090
- SUSE Bug 1178702
Описание
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
Затронутые продукты
Ссылки
- CVE-2016-8693
- SUSE Bug 1005242
- SUSE Bug 1178702
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-8880
- SUSE Bug 1006591
- SUSE Bug 1178702
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-8881
- SUSE Bug 1006593
- SUSE Bug 1178702
Описание
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-8882
- SUSE Bug 1006597
- SUSE Bug 1178702
Описание
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2016-8883
- SUSE Bug 1006598
- SUSE Bug 1178702
Описание
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
Затронутые продукты
Ссылки
- CVE-2016-8884
- SUSE Bug 1005084
- SUSE Bug 1007009
- SUSE Bug 1178702
Описание
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
Затронутые продукты
Ссылки
- CVE-2016-8885
- SUSE Bug 1005084
- SUSE Bug 1007009
- SUSE Bug 1178702
Описание
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
Затронутые продукты
Ссылки
- CVE-2016-8886
- SUSE Bug 1006599
- SUSE Bug 1178702
Описание
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
Затронутые продукты
Ссылки
- CVE-2016-8887
- SUSE Bug 1006836
- SUSE Bug 1006839
- SUSE Bug 1178702