CVE-2016-1577

Summary: CVE-2016-1577 is a double‑free vulnerability in JasPer’s jas_iccattrval_destroy function, affecting JasPer 1.900.1 and earlier. A crafted ICC color profile within a JPEG 2000 image can cause a crash or, potentially, arbitrary code execution. Impact (per sources): denial of service with c...

CVE-2016-1577

Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137...

CVE-2016-1577

Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137...

CVE-2014-8137

Double free vulnerability in the jasiccattrvaldestroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file...

jasper security update

1.900.1-16.2 - CVE-2014-8137 - double-free in in jasiccattrvaldestroy 1173566 - CVE-2014-8138 - heap overflow in jp2decode 1173566 1.900.1-16.1 - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders 1171208 1.900.1-16 - CERT VU887409: heap buffer overflow...