Advisories ยป MGASA-2016-0059

Updated jasper packages fix CVE-2016-1867

Publication date: 09 Feb 2016
Modification date: 09 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1867

Description

Updated jasper packages fix security vulnerabilities:

The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to
cause a denial of service (out-of-bounds read and application crash) via a
crafted JPEG 2000 image (CVE-2016-1867).

References

SRPMS

5/core