Note:
This project will be discontinued after December 13, 2021. [more]
2018-11-26
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
Products | Ubuntu_linux, Debian_linux, Jasper, Linux_enterprise_desktop, Linux_enterprise_server |
Type | Out-of-bounds Read (CWE-125) |
First patch | - None (likely due to unavailable code) |
Links |
• https://github.com/mdadams/jasper/issues/182
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html • https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html • https://www.oracle.com/security-alerts/cpuapr2020.html |