Advisories » MGASA-2016-0298

Updated jasper packages fix security vulnerability

Publication date: 16 Sep 2016
Modification date: 08 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5203 , CVE-2015-5221

Description

A double-free issue in JasPer 1.900.1 in the jasper_image_stop_load()
function can cause a denial of service if a specially crafted JPEG image
is loaded (CVE-2015-5203).

A use-after-free which leads to double-free vulnerability was found in
Jasper JPEG-2000 library, in src/libjasper/mif/mif_cod.c file
(CVE-2015-5221).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17622
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5203
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5221

SRPMS

5/core

• jasper-1.900.1-20.5.mga5