jasper: multiple issues

2016-12-07T00:00:00
ID ASA-201612-9
Type archlinux
Reporter Arch Linux
Modified 2016-12-07T00:00:00

Description

  • CVE-2015-5203 (arbitrary code execution)

A double free flaw was found in the way JasPer's jasper_image_stop_load() function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or possibly execute arbitrary code.

  • CVE-2015-8751 (denial of service)

An integer overflow flaw was found in the way the JasPer's library jas_matrix_create() function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

  • CVE-2016-2089 (denial of service)

The jas_matrix_clip function in jas_seq.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

  • CVE-2016-8690 (denial of service)

A null pointer dereference vulnerability was found in bmp_getdata triggered by invoking imginfo command on specially crafted BMP image.

  • CVE-2016-8691 (denial of service)

A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking imginfo command on specially crafted file.

  • CVE-2016-8692 (denial of service)

A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking imginfo command on specially crafted file.

  • CVE-2016-8693 (denial of service)

A double free vulnerability was found in mem_close in jas_stream.c triggered by invoking imginfo command on specially crafted image file.

  • CVE-2016-8884 (denial of service)

A null pointer dereference vulnerability has been discovered in bmp_getdata in bmp_dec.c.

  • CVE-2016-8885 (denial of service)

A null pointer dereference vulnerability has been discovered in bmp_getdata in bmp_dec.c.

  • CVE-2016-8887 (denial of service)

A null pointer dereference vulnerability was found in jp2_colr_destroy in jp2_cod.c leading to application crash.

  • CVE-2016-9262 (arbitrary code execution)

A number of overflows were found in jasper causing use after free vulnerability triggered by a crafted image.

  • CVE-2016-9387 (denial of service)

An integer overflow in jpc_dec_process_siz was found that can be triggered by crafted image file when given as input to imginfo.

  • CVE-2016-9388 (denial of service)

An improper error handling was found in the RAS encoder/decoder triggering assertion tests that result in denial of service.

  • CVE-2016-9557 (denial of service)

A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.

  • CVE-2016-9560 (arbitrary code execution)

A stack buffer overflow vulnerability has been discovered in jpc/jpc_dec.c duo to an out of bounds array write triggered by a crafted image.