Advisories ยป MGASA-2016-0298

Updated jasper packages fix security vulnerability

Publication date: 16 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5203 , CVE-2015-5221

Description

A double-free issue in JasPer 1.900.1 in the jasper_image_stop_load()
function can cause a denial of service if a specially crafted JPEG image
is loaded (CVE-2015-5203).

A use-after-free which leads to double-free vulnerability was found in
Jasper JPEG-2000 library, in src/libjasper/mif/mif_cod.c file
(CVE-2015-5221).
                

References

SRPMS

5/core