Red Hat Security Advisory: jasper security update
🔗 CVE IDs covered (30)
📋 Description
CVE-2015-5203 — jasper: integer overflow in jas_image_cmpt_create() CVE-2015-5221 — jasper: use-after-free and double-free flaws in mif_process_cmpt() CVE-2016-1577 — jasper: double free issue in jas_iccattrval_destroy() CVE-2016-1867 — jasper: out-of-bounds read in jpc_pi_nextcprl() CVE-2016-2089 — jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() CVE-2016-2116 — jasper: memory leak in jas_iccprof_createfrombuf() CVE-2016-8654 — jasper: heap-based buffer overflow in QMFB code in JPC codec CVE-2016-8690 — jasper: missing jas_matrix_create() parameter checks CVE-2016-8691 — jasper: missing SIZ marker segment XRsiz and YRsiz fields range check CVE-2016-8692 — jasper: missing SIZ marker segment XRsiz and YRsiz fields range check CVE-2016-8693 — jasper: incorrect handling of bufsize 0 in mem_resize() CVE-2016-8883 — jasper: reachable asserts in jpc_dec_tiledecode() CVE-2016-8884 — jasper: missing jas_matrix_create() parameter checks CVE-2016-8885 — jasper: missing jas_matrix_create() parameter checks CVE-2016-9262 — jasper: integer truncation in jas_image_cmpt_create() CVE-2016-9387 — jasper: integer overflow in jpc_dec_process_siz() CVE-2016-9388 — jasper: reachable assertions in RAS encoder/decoder CVE-2016-9389 — jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec CVE-2016-9390 — jasper: insufficient SIZ marker tilexoff and tileyoff checks CVE-2016-9391 — jasper: reachable assertions in the JPC bitstream code CVE-2016-9392 — jasper: insufficient SIZ marker segment data sanity checks CVE-2016-9393 — jasper: insufficient SIZ marker segment data sanity checks CVE-2016-9394 — jasper: insufficient SIZ marker segment data sanity checks CVE-2016-9560 — jasper: stack-based buffer overflow in jpc_dec_tileinit() CVE-2016-9583 — jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder CVE-2016-9591 — jasper: use-after-free / double-free in JPC encoder CVE-2016-9600 — jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_ CVE-2016-10248 — jasper: NULL pointer dereference in jpc_tsfb_synthesize() CVE-2016-10249 — jasper: integer overflow in jas_matrix_create() CVE-2016-10251 — jasper: integer overflow in jpc_pi_nextcprl(), leading to out-of-bounds read
🔗 References (28)
- selfhttps://access.redhat.com/errata/RHSA-2017:1208
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1254242
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1255710
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1298135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1302636
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1314466
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1314472
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1385499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1385502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1385507
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388840
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1388870
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1393882
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396959
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396962
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396963
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396965
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396967
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396971
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1398256
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1399167
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1405148
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1406405
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1410026
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1434447
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1434461
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1208.json