Security update for jasper

This update for jasper fixes the following issues:

- CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).
- CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).
- CVE-2017-5499: Validate component depth bit (bsc#1020451).
- CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).
- CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).
- CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).
- CVE-2017-14132: Fix heap-based overflow by checking components (bsc#1057152).
- CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).
- CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).
- CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).
- CVE-2018-19543, CVE-2017-9782: Fix numchans mixup (bsc#1117328, bsc#1045450).
- CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).
- CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1010979
VUL-0: CVE-2016-9398: jasper: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed.
bnc#1010980
VUL-1: CVE-2016-9399: jasper: Assertion triggered in calcstepsizes
bnc#1020451
VUL-1: CVE-2017-5499,CVE-2017-5500,CVE-2017-5501,CVE-2017-5502: jasper: multiple crashes with UBSAN
bnc#1020456
VUL-0: CVE-2017-5503: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)
bnc#1020458
VUL-1: CVE-2017-5504: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)
bnc#1020460
VUL-1: CVE-2017-5505: jasper: invalid memory read in jas_matrix_asl (jas_seq.c)
bnc#1045450
VUL-1: CVE-2017-9782: jasper: DoS via crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
bnc#1057152
VUL-1: CVE-2017-14132: jasper: JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_im
bnc#1088278
VUL-1: CVE-2018-9252: jasper: Denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
bnc#1114498
VUL-1: CVE-2018-18873: jasper: A NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
bnc#1115637
VUL-1: CVE-2018-19139: jasper: An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
bnc#1117328
VUL-1: CVE-2018-19543: jasper: An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
bnc#1120805
VUL-1: CVE-2018-20622: jasper: memory leak in base/jas_malloc.c when "--output-format jp2" is used
bnc#1120807
VUL-1: CVE-2018-20570: jasper: heap-based buffer over-read in jp2_encode in jp2/jp2_enc.c