
jasper: multiple vulnerabilities

Package(s): jasper netpbm ghostscript
CVE #(s): CVE-2008-3520 CVE-2008-3522
Created: December 17, 2008
Updated: January 4, 2012
Description:

From the Gentoo advisory:

Marc Espie and Christian Weisgerber have discovered multiple vulnerabilities in JasPer:

* Multiple integer overflows might allow for insufficient memory allocation, leading to heap-based buffer overflows (CVE-2008-3520).

* The jas_stream_printf() function in libjasper/base/jas_stream.c uses vsprintf() to write user-provided data to a static buffer, leading to an overflow (CVE-2008-3522).

Remote attackers could entice a user or automated system to process specially crafted jpeg2k files with an application using JasPer, possibly leading to the execution of arbitrary code.
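
The vsprintf() problem described in the advisory, shown as an added example that is not JasPer's code and not part of the advisory: a formatted write into a fixed-size buffer in its unbounded form and in a bounded form using vsnprintf(). The struct sink, both function names and the 16-byte buffer size are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_BUF_SIZE 16  /* assumed size, small so the sample input exceeds it */

/* Hypothetical output sink standing in for a stream object. */
struct sink { char data[256]; size_t len; };

static int sink_write(struct sink *s, const char *p, size_t n) {
    if (n > sizeof(s->data) - s->len) return -1;
    memcpy(s->data + s->len, p, n);
    s->len += n;
    return 0;
}

/* Vulnerable pattern: vsprintf() does not know how large buf is, so a long
 * caller-supplied argument is written past its end. Shown for comparison. */
int sink_printf_unbounded(struct sink *s, const char *fmt, ...) {
    char buf[FMT_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);
    va_end(ap);
    return sink_write(s, buf, (size_t)n) == 0 ? n : -1;
}

/* Bounded form: vsnprintf() writes at most sizeof(buf) bytes and returns
 * the length it would have needed, so truncation can be detected. */
int sink_printf_bounded(struct sink *s, const char *fmt, ...) {
    char buf[FMT_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof(buf))
        return -1;  /* reject instead of emitting truncated output */
    return sink_write(s, buf, (size_t)n) == 0 ? n : -1;
}

int main(void) {
    struct sink s = {0};
    /* Constructed inputs: one fits, one is longer than the buffer. */
    printf("short: %d\n", sink_printf_bounded(&s, "%s", "comment"));
    printf("long:  %d\n", sink_printf_bounded(&s, "%s", "a-field-longer-than-the-buffer"));
    return 0;
}
```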

Alerts:
openSUSE openSUSE-SU-2016:2737-1 jasper 2016-11-05
openSUSE openSUSE-SU-2016:2722-1 jasper 2016-11-04
openSUSE openSUSE-SU-2016:2833-1 jasper 2016-11-17
Slackware SSA:2015-302-02 jasper 2015-10-29
Ubuntu USN-1317-1 ghostscript 2012-01-04
Debian DSA-2080-1 ghostscript 2010-08-01
Mandriva MDVSA-2009:317 netpbm 2009-12-05
Mandriva MDVSA-2009:311 ghostscript 2009-12-03
Mandriva MDVSA-2009:142-1 jasper 2009-12-03
Fedora FEDORA-2009-10761 jasper 2009-10-27
Fedora FEDORA-2009-10737 jasper 2009-10-27
Mandriva MDVSA-2009:165 ghostscript 2009-07-28
Mandriva MDVSA-2009:164 jasper 2009-07-28
Mandriva MDVSA-2009:144 ghostscript 2009-06-27
Mandriva MDVSA-2009:143 netpbm 2009-06-26
Mandriva MDVSA-2009:142 jasper 2009-06-26
Ubuntu USN-742-1 jasper 2009-03-19
CentOS CESA-2009:0012 netpbm 2009-02-11
Red Hat RHSA-2009:0012-01 netpbm 2009-02-11
Gentoo 200812-18 jasper 2008-12-16

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds