[3.3] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)
CVE-2016-1577:
A double free vulnerability in jas_iccattrval_destroy function in
JasPer 1.900.1 and earlier
allowing remote attackers to cause a denial of service (crash) or
possibly execute arbitrary
code via a crafted ICC color profile in a JPEG 2000 image file was
found.
CVE-2016-2089:
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows
remote
attackers to cause a denial of service (invalid read and application
crash)
via a crafted JPEG 2000 image.
CVE-2016-2116:
Memory leak in jas_iccprof_createfrombuf function in JasPer 1.900.1
and earlier was found,
allowing remote attackers to cause a denial of service (memory
consumption) via a crafted
ICC color profile in a JPEG 2000 image file.
References:
http://seclists.org/oss-sec/2016/q1/507
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2089
http://seclists.org/oss-sec/2016/q1/233
http://seclists.org/oss-sec/2016/q1/235
Patches:
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
https://bugzilla.redhat.com/attachment.cgi?id=1120247 (CVE-2016-2089)
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
(from redmine: issue id 5233, created on 2016-03-08, closed on 2016-03-14)
- Relations:
- child #5234 (closed)
- parent #5231 (closed)
- Changesets:
- Revision aad6049e on 2016-03-11T15:11:58Z:
main/jasper: security fixes (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116). Fixes #5233
(cherry picked from commit 244e4d797e740c7fedf8e3e9df9d9d85859b11b4)