CVE-2016-1577

Published: 13/04/2016 Updated: 05/01/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.6 | Impact Score: 4.7 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and previous versions allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

Vulnerable Product

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

jasper project jasper

Vendor Advisories

Synopsis: Important: jasper security update. Type/Severity: Security Advisory: Important. Topic: An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scor ...
Several security issues were fixed in JasPer ...
Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1577: Jacob Baines discovered a double-free flaw in the jas_iccattrval_destroy function. A remote attacker could exploit this flaw to cause an applica ...
Debian Bug report logs - #816625 jasper: CVE-2016-1577: double free vulnerability in the jas_iccattrval_destroy function Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcom.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 3 Mar 2016 15:12:02 UTC Severity: grave Tags: j ...
Debian Bug report logs - #816626 jasper: CVE-2016-2116: memory leak in the jas_iccprof_createfrombuf function Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcom.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 3 Mar 2016 15:12:18 UTC Severity: important Tags: jessie, ...
Debian Bug report logs - #812978 jasper: CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip() Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcom.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 28 Jan 2016 10:03:07 UTC Severity: important Tags: jes ...
Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, ...
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137 ...