[ MDVSA-2015:034 ] jasper

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:034
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : jasper
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated jasper packages fix security vulnerabilities:
 
 An off-by-one flaw, leading to a heap-based buffer overflow, was found
 in the way JasPer decoded JPEG 2000 image files. A specially crafted
 file could cause an application using JasPer to crash or, possibly,
 execute arbitrary code (CVE-2014-8157).
 
 An unrestricted stack memory use flaw was found in the way JasPer
 decoded JPEG 2000 image files. A specially crafted file could cause
 an application using JasPer to crash or, possibly, execute arbitrary
 code (CVE-2014-81

007 Software

[ MDVSA-2015:034 ] jasper

Leave a Reply Cancel reply

Software and Security Information