|Type||Denial of service|
A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.
|07 Dec 2016||ASA-201612-9||AVG-14||jasper||Critical||multiple issues|