jasper
Mandriva Linux Security Advisory MDVSA-2009:142-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : jasper
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:142
http://www.mandriva.com/security/
_______________________________________________________________________
Package : jasper
Date : June 26, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: JasPer: User-assisted execution of arbitrary code
Date: December 16, 2008
Bugs: #222819
ID: 200812-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2009:164
http://www.mandriva.com/security/
_______________________________________________________________________
Package : jasper
Date : July 28, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in ghostscript:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in ghostscript:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
===========================================================
Ubuntu Security Notice USN-742-1 March 19, 2009
jasper vulnerabilities
CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Debian Security Advisory DSA-2036-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 17, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : jasper
Vulnerability : programming error
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-2721
Debian Bug : 528543
In general, a standard system upgrade is sufficient to affect the
necessary changes.
Details follow:
USN-501-1 fixed vulnerabilities in Jasper. This update provides the
corresponding update for the Jasper internal to Ghostscript.
Original advisory details:
It was discovered that Jasper did not correctly handle corrupted JPEG2000
===========================================================
Ubuntu Security Notice USN-501-1 August 20, 2007
jasper vulnerability
CVE-2007-2721
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in netpbm:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in netpbm:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A function in the JasPer JPEG-2000 library before 1.900 could allow
a remote user-assisted attack to cause a crash and possibly corrupt
the heap via malformed image files.
Newer versions of ghostscript contain an embedded copy of libjasper
and as such is vulnerable to this issue.
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A function in the JasPer JPEG-2000 library before 1.900 could allow
a remote user-assisted attack to cause a crash and possibly corrupt
the heap via malformed image files.
netpbm contains an embedded copy of libjasper and as such is vulnerable
to this issue.
|
