openSUSE-SU-2017:0101-1

Published: 10 Jan 2017
Source: suse-cvrf

Description

Security update for jasper

This update for jasper fixes the following issues:

  • CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530)
  • CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977)
  • CVE-2016-9398: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010979)
  • CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830)
  • CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.1
jasper-1.900.14-170.1
libjasper-devel-1.900.14-170.1
libjasper1-1.900.14-170.1
libjasper1-32bit-1.900.14-170.1
openSUSE Leap 42.2
jasper-1.900.14-170.1
libjasper-devel-1.900.14-170.1
libjasper1-1.900.14-170.1
libjasper1-32bit-1.900.14-170.1

Description

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-170.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-170.1


Description

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-170.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-170.1


Description

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-170.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-170.1


Description

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer 1.900.26, 1.900.27, 1.900.28, 1.900.29 and 1.900.30 allows remote attackers to have unspecified impact via a crafted image.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-170.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-170.1


Description

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-170.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-1.900.14-170.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-170.1

References
Vulnerability openSUSE-SU-2017:0101-1