Updated jasper packages fix security vulnerabilities
Publication date: 24 Jan 2015Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8157 , CVE-2014-8158
Description
Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8157). An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8158).
References
SRPMS
4/core
- jasper-1.900.1-15.3.mga4