AVG-14

Package jasper
Status Fixed
Severity Critical
Type multiple issues
Affected 1.900.1-15
Fixed 1.900.31-1
Current 2.0.14-1 [extra]
Ticket None
Created Sun Sep 18 15:54:48 2016
Issue Severity Remote Type Description
CVE-2016-9560 Critical Yes Arbitrary code execution
A stack buffer overflow vulnerability has been discovered in jpc/jpc_dec.c due to an out-of-bounds array write triggered by a crafted image.
CVE-2016-9557 Medium Yes Denial of service
A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and...
CVE-2016-9388 Medium Yes Denial of service
Improper error handling was found in the RAS encoder/decoder, triggering assertion tests that result in denial of service.
CVE-2016-9387 Medium Yes Denial of service
An integer overflow in jpc_dec_process_siz was found that can be triggered by a crafted image file when given as input to imginfo.
CVE-2016-9262 High Yes Arbitrary code execution
A number of overflows were found in jasper causing a use-after-free vulnerability triggered by a crafted image.
CVE-2016-8887 Medium Yes Denial of service
A null pointer dereference vulnerability was found in jp2_colr_destroy in jp2_cod.c leading to an application crash.
CVE-2016-8885 Medium Yes Denial of service
A null pointer dereference vulnerability has been discovered in bmp_getdata in bmp_dec.c.
CVE-2016-8884 Medium Yes Denial of service
A null pointer dereference vulnerability has been discovered in bmp_getdata in bmp_dec.c.
CVE-2016-8693 Medium Yes Denial of service
A double free vulnerability was found in mem_close in jas_stream.c triggered by invoking the imginfo command on a specially crafted image file.
CVE-2016-8692 Medium Yes Denial of service
A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking the imginfo command on a specially crafted file.
CVE-2016-8691 Medium Yes Denial of service
A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking the imginfo command on a specially crafted file.
CVE-2016-8690 Medium Yes Denial of service
A null pointer dereference vulnerability was found in bmp_getdata triggered by invoking the imginfo command on a specially crafted BMP image.
CVE-2016-2089 Medium Yes Denial of service
The jas_matrix_clip function in jas_seq.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
CVE-2015-8751 Medium Yes Denial of service
An integer overflow flaw was found in the way the JasPer library's jas_matrix_create() function parsed certain JPEG 2000 image files. A specially crafted...
CVE-2015-5203 High Yes Arbitrary code execution
A double free flaw was found in the way JasPer's jasper_image_stop_load() function parsed certain JPEG 2000 image files. A specially crafted file could...
Date Advisory Package Description
07 Dec 2016 ASA-201612-9 jasper multiple issues
Notes
Some information about 1.900.2: https://github.com/mdadams/jasper/issues/19#issuecomment-251642985
Crasher to verify fixes: https://github.com/asarubbo/poc