AVG-207 log
| Package | jasper |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 1.900.9-1 |
| Fixed | 1.900.20-1 |
| Current | 4.2.8-1 [extra] |
| Ticket | None |
| Created | Tue Mar 14 17:55:15 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-10251 | Medium | Yes | Denial of service | A use of uninitialized value problem has been discovered in jasper in jpc_pi_nextcprl (jpc_t2cod.c) that is leading to application crash. |
| CVE-2016-10249 | High | Yes | Arbitrary code execution | A heap-based buffer overflow vulnerability has been discovered in jasper in jpc_dec_tiledecode (jpc_dec.c) leading to arbitrary code execution. |
| CVE-2016-10248 | Medium | Yes | Denial of service | A NULL pointer dereference problem has been discovered in jasper in jpc_tsfb_synthesize (jpc_tsfb.c) leading to application crash. |