Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Debian 8: DLA-1583-1 Critical: Jasper JPEG-2000 Denial of Service Issues

debian lts
Calendar Grey November 21, 2018
Dist Debian Esm H88
Several security flaws patched in the jasper JPEG-2000 library. Crucial update for Debian 8 users to address potential vulnerabilities.
Several security vulnerabilities were discovered in the JasPer JPEG-2000 library

Summary

Gustavo Grieco discovered an integer overflow vulnerability that
allows remote attackers to cause a denial of service or may have
other unspecified impact via a crafted JPEG 2000 image file.

CVE-2015-5221

Josselin Feist found a double-free vulnerability that allows remote
attackers to cause a denial-of-service (application crash) by
processing a malformed image file.

CVE-2016-8690

Gustavo Grieco discovered a NULL pointer dereference vulnerability
that can cause a denial-of-service via a crafted BMP image file. The
update also includes the fixes for the related issues CVE-2016-8884
and CVE-2016-8885 which complete the patch for CVE-2016-8690.

CVE-2017-13748

It was discovered that jasper does not properly release memory used
to store image tile data when image decoding fails which may lead to
a denial-of-service.

CVE-2017-14132

A heap-based buffer over-read was found related to the

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: jasper
Version: 1.900.1-debian1-2.4+deb8u4
CVE ID: CVE-2015-5203 CVE-2015-5221 CVE-2016-8690

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.