[ MDVSA-2015:159 ] jasper

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:159
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : jasper
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated jasper packages fix security vulnerabilities:
 
 Josh Duart of the Google Security Team discovered heap-based buffer
 overflow flaws in JasPer, which could lead to denial of service
 (application crash) or the execution of arbitrary code (CVE-2014-9029).
 
 A double free flaw was found in the way JasPer parsed ICC color
 profiles in JPEG 2000 image files. A specially crafted file could
 cause an application using JasPer to crash or, possibly, execute
 arbitrary code (CVE-2014-8137).
 
 A heap-based buffer overflow flaw was

007 Software

[ MDVSA-2015:159 ] jasper

Leave a Reply Cancel reply

Software and Security Information