GitLab

CVE-2016-1867 : out-of-bounds read in jpc_pi_nextcprl()

Fixed In Version: jasper 1.900.2

References:

http://seclists.org/oss-sec/2016/q1/84

Patch:

https://github.com/mdadams/jasper/commit/980da43d8d388a67cac505e734423b2a5aa4cede

CVE-2016-8654 : Heap-based buffer overflow in QMFB code in JPC codec

Fixed In Version: jasper 2.0.0

References:

https://github.com/mdadams/jasper/issues/93
https://github.com/mdadams/jasper/issues/94

Patch:

https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a

CVE-2016-8691, CVE-2016-8692: missing SIZ marker segment XRsiz and YRsiz fields range check

Fixed In Version: jasper 1.900.4

Reference:

http://www.openwall.com/lists/oss-security/2016/10/16/14

Patch:

https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020

CVE-2016-8693:Double free vulnerability in the mem_close function in jas_stream.c in …

Fixed version: 1.900.10

Reference:

http://www.openwall.com/lists/oss-security/2016/10/16/14

Patch:

https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309

CVE-2016-8882: Null pointer access in jpc_pi_destroy

Fixed In Version: jasper 1.900.8

Reference:

http://seclists.org/oss-sec/2016/q4/216

Patch:

https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee

CVE-2016-8883: reachable asserts in jpc_dec_tiledecode()

Fixed In Version: jasper 1.900.8

Reference:

http://seclists.org/oss-sec/2016/q4/216

Patch:

https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d

CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb.c

Fixed in Version: jasper 1.900.30

Reference:

http://www.openwall.com/lists/oss-security/2016/11/20/1

Patch:

https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495

(from redmine: issue id 6876, created on 2017-02-16, closed on 2019-05-03)

• Relations:
  • parent #6875
• Changesets:
  • Revision 5cb610fc by Natanael Copa on 2017-02-28T13:56:40Z:

main/jasper: upgrade to 2.0.10

fixes #6876