[3.6] jasper: Multiple vulnerabilities (CVE-2016-1867, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-8883, CVE-2016-9560)
CVE-2016-1867: out-of-bounds read in jpc_pi_nextcprl()
Fixed In Version: jasper 1.900.2
References:
http://seclists.org/oss-sec/2016/q1/84
Patch:
https://github.com/mdadams/jasper/commit/980da43d8d388a67cac505e734423b2a5aa4cede
CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec
Fixed In Version: jasper 2.0.0
References:
https://github.com/mdadams/jasper/issues/93
https://github.com/mdadams/jasper/issues/94
Patch:
https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
CVE-2016-8691, CVE-2016-8692: missing SIZ marker segment XRsiz and YRsiz fields range check
Fixed In Version: jasper 1.900.4
Reference:
http://www.openwall.com/lists/oss-security/2016/10/16/14
Patch:
https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
CVE-2016-8693: Double free vulnerability in the mem_close function in jas_stream.c in …
Fixed In Version: jasper 1.900.10
Reference:
http://www.openwall.com/lists/oss-security/2016/10/16/14
Patch:
https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
CVE-2016-8882: Null pointer access in jpc_pi_destroy
Fixed In Version: jasper 1.900.8
Reference:
http://seclists.org/oss-sec/2016/q4/216
Patch:
https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee
CVE-2016-8883: reachable asserts in jpc_dec_tiledecode()
Fixed In Version: jasper 1.900.8
Reference:
http://seclists.org/oss-sec/2016/q4/216
Patch:
https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb.c
Fixed In Version: jasper 1.900.30
Reference:
http://www.openwall.com/lists/oss-security/2016/11/20/1
Patch:
https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
(from redmine: issue id 6876, created on 2017-02-16, closed on 2019-05-03)
- Relations:
- parent #6875
- Changesets:
- Revision 5cb610fc by Natanael Copa on 2017-02-28T13:56:40Z:
main/jasper: upgrade to 2.0.10
fixes #6876