Advisories » MGASA-2015-0038

Updated jasper packages fix security vulnerabilities

Publication date: 24 Jan 2015
Modification date: 24 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8157 , CVE-2014-8158

Description

Updated jasper packages fix security vulnerabilities:

An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code (CVE-2014-8157).

An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15122
• http://www.ocert.org/advisories/ocert-2015-001.html
• https://rhn.redhat.com/errata/RHSA-2015-0074.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158

SRPMS

4/core

• jasper-1.900.1-15.3.mga4