Note:
This project will be discontinued after December 13, 2021. [more]
2018-11-26
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
Products | Debian_linux, Jasper, Linux_enterprise_desktop, Linux_enterprise_server |
Type | Out-of-bounds Write (CWE-787) |
First patch | - None (likely due to unavailable code) |
Links |
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html
• https://www.oracle.com/security-alerts/cpuapr2020.html • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html • https://github.com/mdadams/jasper/issues/182 |