AVG-217 log
| Package | jasper |
| Status | Not affected |
| Severity | Medium |
| Type | denial of service |
| Affected | 2.0.10-1 |
| Fixed | 2.0.12-1 |
| Current | 4.2.4-2 [extra] |
| Ticket | None |
| Created | Wed Mar 15 17:08:08 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-6851 | Medium | Yes | Denial of service | The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. |
| References |
|---|
https://github.com/mdadams/jasper/issues/113 https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c/ |
| Notes |
|---|
This should've been analogous to another AVG, but it was missing. |