File _patchinfo of Package patchinfo.3843

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3843

<patchinfo incident="3843">
  <packager>fstrba</packager>
  <issue tracker="bnc" id="1012530">VUL-0: CVE-2016-8654: jasper: Heap-based buffer overflow in QMFB code in JPC codec</issue>
  <issue tracker="bnc" id="1010979">VUL-0: CVE-2016-9398: jasper: jpc_math.c:94: int  jpc_floorlog2(int): Assertion `x &gt; 0′ failed.</issue>
  <issue tracker="bnc" id="1010977">VUL-0: CVE-2016-9395: jasper: jas_seq.c:90:  jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart &lt;= xend  &amp;&amp; ystart &lt;= yend' failed.</issue>
  <issue tracker="bnc" id="1011830">VUL-0: CVE-2016-9560: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)</issue>
  <issue tracker="bnc" id="1015993">VUL-0: CVE-2016-9591: jasper: Use-after-free on heap in jas_matrix_destroy</issue>
  <issue tracker="cve" id="2016-8654"></issue>
  <issue tracker="cve" id="2016-9398"></issue>
  <issue tracker="cve" id="2016-9560"></issue>
  <issue tracker="cve" id="2016-9395"></issue>
  <issue tracker="cve" id="2016-9591"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for jasper</summary>
  <description>
This update for jasper fixes the following issues:

- CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530)
- CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977)
- CVE-2016-9398: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010979)
- CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830)
- CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993)
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3843

Places