AVG-99 log

Package jasper
Status Fixed
Severity Critical
Type multiple issues
Affected 1.900.1-15
Fixed 1.900.5-1
Current 2.0.16-1 [extra]
Ticket None
Created Thu Dec 8 16:57:56 2016
Issue Severity Remote Type Description
CVE-2016-1867 Medium Yes Denial of service
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...
CVE-2015-5221 High Yes Arbitrary code execution
A use-after-free and double free has been discovered in the function mif_process_cmpt of the src/libjasper/mif/mif_cod.c file. Both tvp and tvp->buf are...
CVE-2014-9029 Critical Yes Arbitrary code execution
Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could...
CVE-2014-8158 High Yes Arbitrary code execution
An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using...
CVE-2014-8157 High Yes Arbitrary code execution
An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause...
CVE-2014-8138 Critical Yes Arbitrary code execution
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly...
CVE-2014-8137 High Yes Arbitrary code execution
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash)...
CVE-2011-4517 Critical Yes Arbitrary code execution
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000...
CVE-2011-4516 Critical Yes Arbitrary code execution
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000...
CVE-2008-3522 High Yes Arbitrary code execution
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context- dependent attackers to have an...
CVE-2008-3520 High Yes Arbitrary code execution
Multiple possible integer overflows have been discovered in jasper occurring in jas_malloc calls, where integer overflows may result in an insufficient...
References
https://github.com/mdadams/jasper/issues/19#issuecomment-251642985