openSUSE-SU-2017:1034-1

Published: 18 Apr 2017
Source: suse-cvrf

Description

Security update for jasper

This update for jasper fixes the following issues:

Security issues fixed:

  • CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088)
  • CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)
  • CVE-2017-5498: left-shift undefined behaviour (bsc#1020353)
  • CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868)
  • CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.1
jasper-1.900.14-175.3.1
libjasper-devel-1.900.14-175.3.1
libjasper1-1.900.14-175.3.1
libjasper1-32bit-1.900.14-175.3.1
openSUSE Leap 42.2
jasper-1.900.14-175.3.1
libjasper-devel-1.900.14-175.3.1
libjasper1-1.900.14-175.3.1
libjasper1-32bit-1.900.14-175.3.1

Description

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-175.3.1

Description

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-175.3.1

Description

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-175.3.1

Description

libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-175.3.1

Description

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.


Affected products
openSUSE Leap 42.1:jasper-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper-devel-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-1.900.14-175.3.1
openSUSE Leap 42.1:libjasper1-32bit-1.900.14-175.3.1
