Advisories » MGASA-2014-0539

Updated jasper packages fix security vulnerabilities

Publication date: 19 Dec 2014
Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8137 , CVE-2014-8138

Description

Updated jasper packages fix security vulnerabilities:

A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137).

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14845
• http://www.ocert.org/advisories/ocert-2014-012.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138

SRPMS

4/core

• jasper-1.900.1-15.2.mga4