Metric | Value |
---|---|
CVSS2 Score | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.29 Low |
EPSS Percentile | 96.4% |

JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Two heap-based buffer overflow flaws were found in the way JasPer decoded
JPEG 2000 compressed image files. An attacker could create a malicious JPEG
2000 compressed image file that, when opened, would cause applications that
use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary
code. (CVE-2011-4516, CVE-2011-4517)

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center
for reporting these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. All applications using the JasPer
libraries (such as Nautilus) must be restarted for the update to take
effect.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc | jasper-debuginfo | < 1.900.1-15.el6_1.1 | jasper-debuginfo-1.900.1-15.el6_1.1.ppc.rpm |
RedHat | 6 | s390x | jasper-utils | < 1.900.1-15.el6_1.1 | jasper-utils-1.900.1-15.el6_1.1.s390x.rpm |
RedHat | 6 | ppc64 | jasper-utils | < 1.900.1-15.el6_1.1 | jasper-utils-1.900.1-15.el6_1.1.ppc64.rpm |
RedHat | 6 | src | jasper | < 1.900.1-15.el6_1.1 | jasper-1.900.1-15.el6_1.1.src.rpm |
RedHat | 6 | s390 | jasper-libs | < 1.900.1-15.el6_1.1 | jasper-libs-1.900.1-15.el6_1.1.s390.rpm |
RedHat | 6 | x86_64 | jasper-devel | < 1.900.1-15.el6_1.1 | jasper-devel-1.900.1-15.el6_1.1.x86_64.rpm |
RedHat | 6 | x86_64 | jasper | < 1.900.1-15.el6_1.1 | jasper-1.900.1-15.el6_1.1.x86_64.rpm |
RedHat | 6 | ppc64 | jasper-debuginfo | < 1.900.1-15.el6_1.1 | jasper-debuginfo-1.900.1-15.el6_1.1.ppc64.rpm |
RedHat | 6 | s390x | jasper-debuginfo | < 1.900.1-15.el6_1.1 | jasper-debuginfo-1.900.1-15.el6_1.1.s390x.rpm |
RedHat | 6 | ppc64 | jasper | < 1.900.1-15.el6_1.1 | jasper-1.900.1-15.el6_1.1.ppc64.rpm |
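
The advisory states that applications using the JasPer libraries must be restarted for the update to take effect. The following added example (not part of the advisory and not Red Hat tooling) lists processes that still map a libjasper copy that was replaced on disk; the function name `stale_jasper_pids` and its optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find processes that loaded libjasper before the package
# update and are therefore still running the old, unpatched code.
#
# When a shared library file is replaced on disk, the kernel keeps the old
# copy alive for processes that already mapped it and marks the mapping
# "(deleted)" in /proc/<pid>/maps. Those processes need a restart.

# stale_jasper_pids [PROC_ROOT]
# Prints "PID<TAB>COMM" for every process with a deleted libjasper mapping.
# PROC_ROOT defaults to /proc; the argument (an assumption of this example)
# lets the function be exercised against a constructed directory tree.
# The body runs in a subshell so its variables do not leak to the caller.
stale_jasper_pids() (
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        # Skip unmatched globs and processes that exited or are unreadable.
        [ -r "$maps" ] || continue
        # Match the pathname field only: .../libjasper.so<suffix> (deleted)
        if grep -Eq '/libjasper\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            comm="$(cat "$root/$pid/comm" 2>/dev/null || echo '?')"
            printf '%s\t%s\n' "$pid" "$comm"
        fi
    done
)

# Run as root after installing the updated packages so that every
# process's maps file is readable; no output means nothing is stale.
stale_jasper_pids "${1:-/proc}"
```

Any process listed should be restarted (or the session or host rebooted) so that it loads the patched library.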