CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
95.1%
Issue Overview:
Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Affected Packages:
jasper
Issue Correction:
Run yum update jasper to update your system.
New Packages:
i686:
jasper-debuginfo-1.900.1-15.5.amzn1.i686
jasper-devel-1.900.1-15.5.amzn1.i686
jasper-libs-1.900.1-15.5.amzn1.i686
jasper-1.900.1-15.5.amzn1.i686
jasper-utils-1.900.1-15.5.amzn1.i686
src:
jasper-1.900.1-15.5.amzn1.src
x86_64:
jasper-1.900.1-15.5.amzn1.x86_64
jasper-utils-1.900.1-15.5.amzn1.x86_64
jasper-debuginfo-1.900.1-15.5.amzn1.x86_64
jasper-devel-1.900.1-15.5.amzn1.x86_64
jasper-libs-1.900.1-15.5.amzn1.x86_64
Red Hat: CVE-2011-4516
Mitre: CVE-2011-4516
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | jasper-debuginfo | < 1.900.1-15.5.amzn1 | jasper-debuginfo-1.900.1-15.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | jasper-devel | < 1.900.1-15.5.amzn1 | jasper-devel-1.900.1-15.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | jasper-libs | < 1.900.1-15.5.amzn1 | jasper-libs-1.900.1-15.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | jasper | < 1.900.1-15.5.amzn1 | jasper-1.900.1-15.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | jasper-utils | < 1.900.1-15.5.amzn1 | jasper-utils-1.900.1-15.5.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | jasper | < 1.900.1-15.5.amzn1 | jasper-1.900.1-15.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | jasper-utils | < 1.900.1-15.5.amzn1 | jasper-utils-1.900.1-15.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | jasper-debuginfo | < 1.900.1-15.5.amzn1 | jasper-debuginfo-1.900.1-15.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | jasper-devel | < 1.900.1-15.5.amzn1 | jasper-devel-1.900.1-15.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | jasper-libs | < 1.900.1-15.5.amzn1 | jasper-libs-1.900.1-15.5.amzn1.x86_64.rpm |