DescriptionOut of bounds heap read in jpc_pi_nextpcrl()
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
jasper (PTS)wheezy1.900.1-13+deb7u4vulnerable
wheezy (security)1.900.1-13+deb7u6vulnerable
jessie (security), jessie1.900.1-debian1-2.4+deb8u3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Fixed by
The issue exists due to an overflow check which is not present
in Wheezy and Jessie. However it makes sense to implement this check.
This can be done when more important issues are found [wheezy].
Not suitable for code injection, hardly denial of service

Search for package or bug name: Reporting problems