Advisories ยป MGASA-2019-0167

Updated jasper packages fix security vulnerabilities

Publication date: 12 May 2019
Modification date: 12 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-9398 , CVE-2018-19542 , CVE-2018-19539

Description

Updated jasper packages fix security vulnerabilities:

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17
allows remote attackers to cause a denial of service (assertion failure)
via unspecified vectors (CVE-2016-9398).

A denial of service in jp2_decode (CVE-2018-19542).

A denial of service in jas_image_readcmpt (CVE-2018-19539).
                

References

SRPMS

6/core