Updated jasper packages fix security vulnerability
Publication date: 16 Sep 2016Modification date: 08 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5203 , CVE-2015-5221
Description
A double-free issue in JasPer 1.900.1 in the jasper_image_stop_load() function can cause a denial of service if a specially crafted JPEG image is loaded (CVE-2015-5203). A use-after-free which leads to double-free vulnerability was found in Jasper JPEG-2000 library, in src/libjasper/mif/mif_cod.c file (CVE-2015-5221).
References
SRPMS
5/core
- jasper-1.900.1-20.5.mga5