AVG-69

Package jasper
Status Fixed
Severity High
Type multiple issues
Affected 2.0.10-1
Fixed 2.0.12-1
Current 2.0.14-1 [extra]
Ticket None
Created Sat Nov 12 14:12:21 2016
Issue Severity Remote Type Description
CVE-2016-9591 High Yes Arbitrary code execution
A heap-use-after-free vulnerability has been found in jasper. The vulnerability exists in code responsible for re-encoding the decoded input image file to a...
CVE-2016-8886 Medium Yes Denial of service
A memory allocation failure was found in jas_malloc triggered by a crafted file that results in an application crash leading to denial of service.
Date Advisory Package Description
14 Mar 2017 ASA-201703-9 jasper multiple issues