CVE-2016-9591
Use-after-free on heap in jas_matrix_destroy
The vulnerability exists in the code responsible for re-encoding the
decoded input image file to a JP2 image. It is caused by not setting
the related pointers to NULL after they are freed (i.e. missing
set-pointer-to-NULL operations after free). The vulnerability can
further cause a double free.
CVE-2016-10251
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in
JasPer before 1.900.20 allows remote attackers to have unspecified
impact via a crafted file, which triggers use of an uninitialized
value.
Additional fix for TEMP-CVE from last upload to avoid hassle with SIZE_MAX
For Debian 7 "Wheezy", these problems have been fixed in version
1.900.1-13+deb7u6.
We recommend that you upgrade your jasper packages.
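The missing pointer reset described under CVE-2016-9591, shown as an added C example that is not JasPer's code: `matrix_t`, `band_t`, `band_release` and the other names are hypothetical. It puts the unsafe release beside the hardened one and checks that a second release on the hardened path is a no-op.

```c
#include <stdlib.h>

/* Hypothetical types for illustration, not JasPer's definitions. */
typedef struct { int rows, cols; int *cells; } matrix_t;
typedef struct { matrix_t *data; } band_t;

int live_matrices = 0; /* created minus destroyed; 0 means balanced */

matrix_t *matrix_create(int rows, int cols) {
    matrix_t *m = malloc(sizeof *m);
    if (!m) return NULL;
    m->cells = calloc((size_t)rows * (size_t)cols, sizeof *m->cells);
    if (!m->cells) { free(m); return NULL; }
    m->rows = rows; m->cols = cols;
    live_matrices++;
    return m;
}

void matrix_destroy(matrix_t *m) {
    if (!m) return; /* NULL is a no-op, like free(NULL) */
    free(m->cells);
    free(m);
    live_matrices--;
}

/* Unsafe pattern from the description: b->data keeps pointing at freed
 * memory, so a later release reads it (use-after-free) and frees it again
 * (double free). Shown for contrast; never called here. */
void band_release_unsafe(band_t *b) {
    matrix_destroy(b->data);
}

/* Hardened: clear the owning pointer right after the free. */
void band_release(band_t *b) {
    matrix_destroy(b->data);
    b->data = NULL;
}

/* An error path releases the band, then generic teardown releases it again.
 * Returns the matrix balance afterwards (0 = freed exactly once). */
int encode_with_error_path(void) {
    band_t b = { matrix_create(4, 4) };
    if (!b.data) return -1;
    band_release(&b); /* error path */
    band_release(&b); /* teardown: b.data is NULL, nothing happens */
    return live_matrices;
}

int main(void) { return encode_with_error_path() == 0 ? 0 : 1; }
```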
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be