Important: jasper

2015-01-0811:36:00

alas.aws.amazon.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.457 Medium

EPSS

Percentile

97.4%

JSON

Issue Overview:

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)

Affected Packages:

jasper

Issue Correction:
Run yum update jasper to update your system.

New Packages:

i686:  
    jasper-utils-1.900.1-16.7.amzn1.i686  
    jasper-libs-1.900.1-16.7.amzn1.i686  
    jasper-devel-1.900.1-16.7.amzn1.i686  
    jasper-debuginfo-1.900.1-16.7.amzn1.i686  
    jasper-1.900.1-16.7.amzn1.i686  
  
src:  
    jasper-1.900.1-16.7.amzn1.src  
  
x86_64:  
    jasper-libs-1.900.1-16.7.amzn1.x86_64  
    jasper-1.900.1-16.7.amzn1.x86_64  
    jasper-debuginfo-1.900.1-16.7.amzn1.x86_64  
    jasper-devel-1.900.1-16.7.amzn1.x86_64  
    jasper-utils-1.900.1-16.7.amzn1.x86_64

Additional References

Red Hat: CVE-2014-8137, CVE-2014-8138, CVE-2014-9029

Mitre: CVE-2014-8137, CVE-2014-8138, CVE-2014-9029

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686jasper-utils< 1.900.1-16.7.amzn1jasper-utils-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux1i686jasper-libs< 1.900.1-16.7.amzn1jasper-libs-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux1i686jasper-devel< 1.900.1-16.7.amzn1jasper-devel-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux1i686jasper-debuginfo< 1.900.1-16.7.amzn1jasper-debuginfo-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux1i686jasper< 1.900.1-16.7.amzn1jasper-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux1x86_64jasper-libs< 1.900.1-16.7.amzn1jasper-libs-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper< 1.900.1-16.7.amzn1jasper-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper-debuginfo< 1.900.1-16.7.amzn1jasper-debuginfo-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper-devel< 1.900.1-16.7.amzn1jasper-devel-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper-utils< 1.900.1-16.7.amzn1jasper-utils-1.900.1-16.7.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	jasper-utils	< 1.900.1-16.7.amzn1	jasper-utils-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux	1	i686	jasper-libs	< 1.900.1-16.7.amzn1	jasper-libs-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux	1	i686	jasper-devel	< 1.900.1-16.7.amzn1	jasper-devel-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux	1	i686	jasper-debuginfo	< 1.900.1-16.7.amzn1	jasper-debuginfo-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux	1	i686	jasper	< 1.900.1-16.7.amzn1	jasper-1.900.1-16.7.amzn1.i686.rpm
Amazon Linux	1	x86_64	jasper-libs	< 1.900.1-16.7.amzn1	jasper-libs-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	jasper	< 1.900.1-16.7.amzn1	jasper-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	jasper-debuginfo	< 1.900.1-16.7.amzn1	jasper-debuginfo-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	jasper-devel	< 1.900.1-16.7.amzn1	jasper-devel-1.900.1-16.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	jasper-utils	< 1.900.1-16.7.amzn1	jasper-utils-1.900.1-16.7.amzn1.x86_64.rpm