SUSE-SU-2017:0084

openSUSE-SU-2017:0101

[oss-security] 20161117 Re: jasper: multiple assertion failures

94376

https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

https://bugzilla.redhat.com/show_bug.cgi?id=1396977

https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a

This update for jasper fixes the following issues: Security issues fixed :

  - CVE-2016-8654: Heap-based buffer overflow in QMFB code     in JPC codec (bsc#1012530)

  - CVE-2016-9395: Missing sanity checks on the data in a     SIZ marker segment (bsc#1010977).

  - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int):
    Assertion 'x > 0' failed. (bsc#1010979)

  - CVE-2016-9560: stack-based buffer overflow in     jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830)

  - CVE-2016-9583: Out of bounds heap read in     jpc_pi_nextpcrl() (bsc#1015400)

  - CVE-2016-9591: Use-after-free on heap in     jas_matrix_destroy (bsc#1015993)

  - CVE-2016-9600: NULL pointer Dereference due to missing     check for UNKNOWN color space in JP2 encoder     (bsc#1018088)

  - CVE-2016-10251: Use of uninitialized value in     jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)

  - CVE-2017-5498: left-shift undefined behaviour     (bsc#1020353)

  - CVE-2017-6850: NULL pointer dereference in     jp2_cdef_destroy (jp2_cod.c) (bsc#1021868)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for jasper fixes the following issues :

  - CVE-2016-8654: Heap-based buffer overflow in QMFB code     in JPC codec. (bsc#1012530)

  - CVE-2016-9395: Invalid jasper files could lead to abort     of the library caused by attacker provided image.
    (bsc#1010977)

  - CVE-2016-9398: Invalid jasper files could lead to abort     of the library caused by attacker provided image.
    (bsc#1010979)

  - CVE-2016-9560: Stack-based buffer overflow in     jpc_tsfb_getbands2. (bsc#1011830)

  - CVE-2016-9591: Use-after-free on heap in     jas_matrix_destroy. (bsc#1015993)

This update was imported from the SUSE:SLE-12:Update update project.

This update for jasper fixes the following issues :

  - CVE-2016-8654: Heap-based buffer overflow in QMFB code     in JPC codec. (bsc#1012530)

  - CVE-2016-9395: Invalid jasper files could lead to abort     of the library caused by attacker provided image.
    (bsc#1010977)

  - CVE-2016-9398: Invalid jasper files could lead to abort     of the library caused by attacker provided image.
    (bsc#1010979)

  - CVE-2016-9560: Stack-based buffer overflow in     jpc_tsfb_getbands2. (bsc#1011830)

  - CVE-2016-9591: Use-after-free on heap in     jas_matrix_destroy. (bsc#1015993)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
99232	SUSE SLES11 Security Update : jasper (SUSE-SU-2017:0946-1)	Nessus	SuSE Local Security Checks	high
96400	openSUSE Security Update : jasper (openSUSE-2017-70)	Nessus	SuSE Local Security Checks	high
96387	SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2017:0084-1)	Nessus	SuSE Local Security Checks	high

CVE-2016-9395

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high