Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Fedora 25: 2016-9b17661de5 Critical: Jasper Memory Leak and Free Issues

fedora
Calendar Grey September 9, 2016
Dist Fedora Esm H88
Addresses several concerns in the Jasper framework on Fedora 25, improving both robustness and safety.
Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867, CVE-2016-1577 and CVE-2016-2116.

Summary

This package contains an implementation of the image compression

standard JPEG-2000, Part 1. It consists of tools for conversion to and

from the JP2 and JPC formats.

Update Information:

Security fix for CVE-2015-5203, CVE-2015-5221, CVE-2016-1867, CVE-2016-1577 and CVE-2016-2116.

Change Log

References


[ 1 ] Bug #1314472 - CVE-2016-2116 jasper: Memory leak in jas_iccprof_createfrombuf causing memory consumption https://bugzilla.redhat.com/show_bug.cgi?id=1314472 [ 2 ] Bug #1314466 - CVE-2016-1577 jasper: Double free vulnerability in jas_iccattrval_destroy https://bugzilla.redhat.com/show_bug.cgi?id=1314466 [ 3 ] Bug #1298135 - CVE-2016-1867 jasper: out-of-bounds read in the jpc_pi_nextcprl() function https://bugzilla.redhat.com/show_bug.cgi?id=1298135 [ 4 ] Bug #1255710 - CVE-2015-5221 jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library https://bugzilla.redhat.com/show_bug.cgi?id=1255710 [ 5 ] Bug #1254242 - CVE-2015-5203 jasper: double free in jasper_image_stop_load() https://bugzilla.redhat.com/show_bug.cgi?id=1254242

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update jasper' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: jasper
Product: Fedora 25
Version: 1.900.1
Release: 33.fc25
Summary: Implementation of the JPEG-2000 standard, Part 1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.