jasper security update

ID CESA-2018:3253
Type centos
Reporter CentOS Project
Modified 2018-11-15T18:47:22


CentOS Errata and Security Advisory CESA-2018:3253

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

  • jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)

  • jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005479.html

Affected packages: jasper jasper-devel jasper-libs jasper-utils

Upstream details at: