Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 16.04 LTS: USN-4688-1 Severe: JasPer DoS Vulnerability

ubuntu
Calendar Grey January 11, 2021
Dist Ubuntu Esm H88
Essential updates for JasPer addressed several vulnerabilities in Ubuntu 16.04, aiming to mitigate risks of attacks and safeguard data integrity.
Several security issues were fixed in JasPer.

Summary

Several security issues were fixed in JasPer.

Software Description:

- jasper: Library for manipulating JPEG-2000 files

Details:

It was discovered that Jasper incorrectly certain files.

An attacker could possibly use this issue to cause a crash.

(CVE-2018-18873)

It was discovered that Jasper incorrectly handled certain files.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2018-19542)

It was discovered that Jasper incorrectly handled certain JPC encoders.

An attacker could possibly use this issue to execute arbitrary code.

(CVE-2020-27828)

It was discovered that Jasper incorrectly handled certain images.

An attacker could possibly use this issue to expose sensitive information

or cause a crash.

(CVE-2017-9782)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libjasper1                      1.900.1-debian1-2.4ubuntu1.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4688-1

CVE-2017-9782, CVE-2018-18873, CVE-2018-19542, CVE-2020-27828

Severity
critical
Lowest
Low
Medium
High
Critical

January 11, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.