| Revision Date: | 2015-02-03 | Version: | 1 |
| Title: | Security update for jasper |
| Description: |
This update for jasper fixes the following security issues:
*
CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474)
*
CVE-2014-8138: Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475)
*
CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837)
*
CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837)
Security Issues:
* CVE-2014-8138 * CVE-2014-8137 * CVE-2014-8157 * CVE-2014-8158
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 909474
909475
911837
CVE-2014-8137
CVE-2014-8138
SUSE-SU-2015:0258-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 11 SP3
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information
libjasper-1.900.1-134.17.1 is installed
OR libjasper-32bit-1.900.1-134.17.1 is installed
|