AVG-206

Package jasper
Status Fixed
Severity High
Type multiple issues
Affected 2.0.13-2
Fixed 2.0.14-1
Current 2.0.14-1 [extra]
Ticket None
Created Tue Mar 14 17:36:11 2017
Issue Severity Remote Type Description
CVE-2017-9782 Low No Denial of service
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the...
CVE-2017-6852 High Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been discovered in jasper in jpc_dec_decodepkt (jpc_t2dec.c) that may lead to arbitrary code execution.
CVE-2017-6850 Medium Yes Denial of service
A NULL pointer dereference vulnerability has been discovered in jasper in jp2_cdef_destroy (jp2_cod.c) leading to application crash.
CVE-2017-5505 Medium Yes Denial of service
An invalid memory read in jas_matrix_asl (jas_seq.c) has been discovered that is triggered by a specially crafted file and leads to denial of service.
CVE-2017-5504 Medium Yes Denial of service
An invalid memory read in jpc_undo_roi (jpc_dec.c) has been discovered that is triggered by a specially crafted file leading to denial of service.
CVE-2017-5503 High Yes Arbitrary code execution
An invalid memory write has been discovered in dec_clnpass (jpc_t1dec.c) triggered by a specially crafted file that may lead to arbitrary code execution.