Updated jasper packages fix security vulnerabilities
Publication date: 12 May 2019Modification date: 12 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-9398 , CVE-2018-19542 , CVE-2018-19539
Description
Updated jasper packages fix security vulnerabilities: The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors (CVE-2016-9398). A denial of service in jp2_decode (CVE-2018-19542). A denial of service in jas_image_readcmpt (CVE-2018-19539).
References
SRPMS
6/core
- jasper-1.900.23-5.2.mga6