AVG-207 log

Package jasper
Status Fixed
Severity High
Type multiple issues
Affected 1.900.9-1
Fixed 1.900.20-1
Current 2.0.16-1 [extra]
Ticket None
Created Tue Mar 14 17:55:15 2017
Issue Severity Remote Type Description
CVE-2016-10251 Medium Yes Denial of service
A use of uninitialized value problem has been discovered in jasper in jpc_pi_nextcprl (jpc_t2cod.c) that is leading to application crash.
CVE-2016-10249 High Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been discovered in jasper in jpc_dec_tiledecode (jpc_dec.c) leading to arbitrary code execution.
CVE-2016-10248 Medium Yes Denial of service
A NULL pointer dereference problem has been discovered in jasper in jpc_tsfb_synthesize (jpc_tsfb.c) leading to application crash.