The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/47193
http://secunia.com/advisories/47306
http://secunia.com/advisories/47353
http://www.debian.org/security/2011/dsa-2371
http://www.kb.cert.org/vuls/id/887409
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
http://www.redhat.com/support/errata/RHSA-2011-1807.html
http://www.redhat.com/support/errata/RHSA-2011-1811.html
http://www.securityfocus.com/bid/50992
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-1315-1
http://www-01.ibm.com/support/docview.wss?uid=swg21660640
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
94601 | openSUSE Security Update : jasper (openSUSE-2016-1270) | Nessus | SuSE Local Security Checks | critical |
86663 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02) | Nessus | Slackware Local Security Checks | critical |
81969 | RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE) | Nessus | Red Hat Local Security Checks | critical |
80618 | Oracle Solaris Third-Party Patch Update : ghostscript (multiple_denial_of_service_vulnerabilities7) | Nessus | Solaris Local Security Checks | medium |
80068 | Fedora 19 : mingw-jasper-1.900.1-24.fc19 (2014-17032) | Nessus | Fedora Local Security Checks | high |
80067 | Fedora 20 : mingw-jasper-1.900.1-24.fc20 (2014-17027) | Nessus | Fedora Local Security Checks | high |
80066 | Fedora 21 : mingw-jasper-1.900.1-24.fc21 (2014-16961) | Nessus | Fedora Local Security Checks | high |
75869 | openSUSE Security Update : jasper (openSUSE-SU-2011:1328-1) | Nessus | SuSE Local Security Checks | medium |
75532 | openSUSE Security Update : jasper (openSUSE-SU-2011:1328-1) | Nessus | SuSE Local Security Checks | medium |
74535 | openSUSE Security Update : jasper (openSUSE-2011-87) | Nessus | SuSE Local Security Checks | medium |
68404 | Oracle Linux 4 / 5 : netpbm (ELSA-2011-1811) | Nessus | Oracle Linux Local Security Checks | high |
68403 | Oracle Linux 6 : jasper (ELSA-2011-1807) | Nessus | Oracle Linux Local Security Checks | medium |
66012 | FreeBSD : jasper -- buffer overflow (8ff84335-a7da-11e2-b3f5-003067c2616f) | Nessus | FreeBSD Local Security Checks | critical |
58514 | Symantec Enterprise Vault / Oracle Outside In Multiple Vulnerabilities (SYM12-004) | Nessus | Windows | medium |
57652 | GLSA-201201-10 : JasPer: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | medium |
57511 | Debian DSA-2371-1 : jasper - buffer overflows | Nessus | Debian Local Security Checks | medium |
57436 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1) | Nessus | Ubuntu Local Security Checks | critical |
57417 | Fedora 16 : jasper-1.900.1-18.fc16 (2011-16966) | Nessus | Fedora Local Security Checks | medium |
57416 | Fedora 15 : jasper-1.900.1-18.fc15 (2011-16955) | Nessus | Fedora Local Security Checks | medium |
57378 | CentOS 6 : jasper (CESA-2011:1807) | Nessus | CentOS Local Security Checks | medium |
57357 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : jasper vulnerabilities (USN-1315-1) | Nessus | Ubuntu Local Security Checks | medium |
57331 | Mandriva Linux Security Advisory : jasper (MDVSA-2011:189) | Nessus | Mandriva Local Security Checks | medium |
57313 | SuSE 10 Security Update : jasper (ZYPP Patch Number 7878) | Nessus | SuSE Local Security Checks | medium |
57140 | CentOS 4 / 5 : netpbm (CESA-2011:1811) | Nessus | CentOS Local Security Checks | high |
57108 | SuSE 11.1 Security Update : jasper (SAT Patch Number 5523) | Nessus | SuSE Local Security Checks | medium |
57081 | RHEL 4 / 5 : netpbm (RHSA-2011:1811) | Nessus | Red Hat Local Security Checks | high |
57054 | RHEL 6 : jasper (RHSA-2011:1807) | Nessus | Red Hat Local Security Checks | medium |