File _patchinfo of Package patchinfo.16208

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.16208

<patchinfo incident="16208">
  <issue tracker="bnc" id="1010979">VUL-0: CVE-2016-9398: jasper: jpc_math.c:94: int  jpc_floorlog2(int): Assertion 'x &gt; 0' failed.</issue>
  <issue tracker="bnc" id="1010980">VUL-1: CVE-2016-9399: jasper: Assertion triggered in calcstepsizes</issue>
  <issue tracker="bnc" id="1020451">VUL-1: CVE-2017-5499,CVE-2017-5500,CVE-2017-5501,CVE-2017-5502: jasper: multiple crashes with UBSAN</issue>
  <issue tracker="bnc" id="1020456">VUL-0: CVE-2017-5503: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)</issue>
  <issue tracker="bnc" id="1020458">VUL-1: CVE-2017-5504: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)</issue>
  <issue tracker="bnc" id="1020460">VUL-1: CVE-2017-5505: jasper: invalid memory read in jas_matrix_asl (jas_seq.c)</issue>
  <issue tracker="bnc" id="1045450">VUL-1: CVE-2017-9782: jasper: DoS via crafted image, related to thejp2_decode function in libjasper/jp2/jp2_dec.c.</issue>
  <issue tracker="bnc" id="1057152">VUL-1: CVE-2017-14132: jasper: JasPer 2.0.13 allows remote attackers to cause a denial of service(heap-based buffer over-read and application crash) via a craftedimage, related to the jas_image_ishomosamp function inlibjasper/base/jas_im</issue>
  <issue tracker="bnc" id="1088278">VUL-1: CVE-2018-9252: jasper: Denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.</issue>
  <issue tracker="bnc" id="1114498">VUL-1: CVE-2018-18873: jasper: A NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.</issue>
  <issue tracker="bnc" id="1115637">VUL-1: CVE-2018-19139: jasper: An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.</issue>
  <issue tracker="bnc" id="1117328">VUL-1: CVE-2018-19543: jasper: An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.</issue>
  <issue tracker="bnc" id="1120805">VUL-1: CVE-2018-20622: jasper: memory leak in base/jas_malloc.c when "--output-format jp2" is used</issue>
  <issue tracker="bnc" id="1120807">VUL-1: CVE-2018-20570: jasper: heap-based buffer over-read in jp2_encode in jp2/jp2_enc.c</issue>
  <issue tracker="cve" id="2016-9398"/>
  <issue tracker="cve" id="2016-9399"/>
  <issue tracker="cve" id="2017-5499"/>
  <issue tracker="cve" id="2017-5503"/>
  <issue tracker="cve" id="2017-5504"/>
  <issue tracker="cve" id="2017-5505"/>
  <issue tracker="cve" id="2017-9782"/>
  <issue tracker="cve" id="2017-14132"/>
  <issue tracker="cve" id="2018-9252"/>
  <issue tracker="cve" id="2018-18873"/>
  <issue tracker="cve" id="2018-19139"/>
  <issue tracker="cve" id="2018-19543"/>
  <issue tracker="cve" id="2018-20570"/>
  <issue tracker="cve" id="2018-20622"/>
  <packager>mvetter</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for jasper</summary>
  <description>This update for jasper fixes the following issues:

- CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).
- CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).
- CVE-2017-5499: Validate component depth bit (bsc#1020451).
- CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).
- CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).
- CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).
- CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).
- CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).
- CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).
- CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).
- CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).
- CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).
- CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.16208

Places