ArchLinux: 201703-9: jasper: multiple issues
Summary
- CVE-2016-8886 (denial of service)
A memory allocation failure was found in jas_malloc triggered by a
crafted file that results in an application crash leading to denial of
service.
- CVE-2016-9591 (arbitrary code execution)
A heap-use-after-free vulnerability has been found in jasper. The
vulnerability exists in code responsible for re-encoding the decoded
input image file to a J2P image. The vulnerability is caused by not
setting related pointers to be null after the pointers are freed (i.e.
missing Setting-Pointer-Null operations after free). The vulnerability
can further cause double-free.
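
The missing set-pointer-to-null step described for CVE-2016-9591, shown as an added C example (not jasper's code and not part of the advisory). The names image_t, image_release_dangling, image_release and encode_then_cleanup are hypothetical, and the double-cleanup scenario is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image object; not jasper's real data structures. */
typedef struct {
    unsigned char *data;   /* owned sample buffer */
    size_t len;
} image_t;

static int free_calls;     /* counts real releases, for the demo */

/* Pattern the advisory describes: the buffer is freed but the pointer
 * keeps its old value, so a later cleanup or access through the same
 * object touches freed memory (use-after-free, then double free).
 * Shown for comparison only; nothing below calls it. */
void image_release_dangling(image_t *img)
{
    free(img->data);
    free_calls++;
    /* img->data still holds the address of the freed block */
}

/* Hardened form: free, then null the pointer and reset the length,
 * so a repeated release on the same object is a no-op. */
void image_release(image_t *img)
{
    if (img == NULL || img->data == NULL)
        return;
    free(img->data);
    free_calls++;
    img->data = NULL;
    img->len = 0;
}

/* Constructed scenario: an error path releases the buffer, then the
 * caller's generic cleanup releases the same object again.
 * Returns the number of real free() calls, or -1 if malloc failed. */
int encode_then_cleanup(void)
{
    image_t img = { malloc(64), 64 };
    if (img.data == NULL)
        return -1;
    free_calls = 0;
    image_release(&img);   /* error path */
    image_release(&img);   /* caller's cleanup, now harmless */
    return free_calls;
}

int main(void)
{
    printf("real frees: %d\n", encode_then_cleanup());
    return 0;
}
```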
Resolution
Upgrade to 2.0.12-1.
# pacman -Syu "jasper>=2.0.12-1"
The problems have been fixed upstream in version 2.0.12.
References
https://seclists.org/oss-sec/2016/q4/214
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c/
https://github.com/jasper-software/jasper/commit/65536647d380571d1a9a6c91fa03775fb5bbd256
https://github.com/jasper-software/jasper/issues/105
https://www.openwall.com/lists/oss-security/2016/12/16/3
https://github.com/jasper-software/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
https://security.archlinux.org/CVE-2016-8886
https://security.archlinux.org/CVE-2016-9591
Workaround
None.