Information on source package jasper

Available versions

wheezy (security)1.900.1-13+deb7u5
jessie (security)1.900.1-debian1-2.4+deb8u2

Open issues

TEMP-0000000-D1720Fvulnerablevulnerablejasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c)
TEMP-0000000-03CA50fixedvulnerableheap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)
CVE-2016-9591vulnerablevulnerableUse-after-free on heap in jas_matrix_destroy
CVE-2016-9557vulnerable (no DSA)vulnerable (no DSA)signed integer overflow in jas_image.c
CVE-2016-8886vulnerable (no DSA)vulnerable (no DSA)memory allocation failure in jas_malloc (jas_malloc.c)
CVE-2016-8690vulnerable (no DSA)vulnerable (no DSA)The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...
CVE-2016-1867vulnerable (no DSA)fixedThe jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...
CVE-2015-5221vulnerable (no DSA)vulnerable (no DSA)use-after-free in mif_process_cmpt
CVE-2015-5203vulnerable (no DSA)vulnerable (no DSA)double free triggered by jasper_image_stop_load function

Open unimportant issues

TEMP-0000000-69EE47vulnerablevulnerablejasper: invalid memory read in jas_matrix_bindsub (jas_seq.c)
TEMP-0000000-2F496Evulnerablevulnerablejasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c)
CVE-2016-9600vulnerablevulnerableNull Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder
CVE-2016-9583vulnerablevulnerableOut of bounds heap read in jpc_pi_nextpcrl()
CVE-2016-9399vulnerablevulnerablejpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.
CVE-2016-9398vulnerablevulnerablejpc_math.c:94: int jpc_floorlog2(int): Assertion `x > 0' failed.
CVE-2016-9397vulnerablevulnerablejpc_dec.c:1817: void jpc_dequantize(jas_matrix_t *, jpc_fix_t): Assertion `absstepsize >= 0' failed.
CVE-2016-9396vulnerablevulnerablejpc_t1cod.c:144: int JPC_NOMINALGAIN(int, int, int, int): Assertion `qmfbid == 0x01' failed.
CVE-2016-9395vulnerablevulnerablejas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.
CVE-2016-9391vulnerablevulnerablejpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion `n >= 0 && n < 32' failed.
CVE-2016-9390vulnerablevulnerablejas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.
CVE-2016-9388vulnerablevulnerableras_dec.c:330: int ras_getcmap(jas_stream_t *, ras_hdr_t *, ras_cmap_t *): Assertion `numcolors <= 256' failed.
CVE-2016-9387vulnerablevulnerablejas_seq.c:90: jas_matrix<= yend' failed.
CVE-2016-8887fixedvulnerableNULL pointer dereference in jp2_colr_destroy (jp2_cod.c)
CVE-2016-8883fixedvulnerableThe jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...

Resolved issues

TEMP-0000000-B1F48BNULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887)
CVE-2016-9560Stack-based buffer overflow in the jpc_tsfb_getbands2 function in ...
CVE-2016-9262use after free in jas_realloc (jas_malloc.c)
CVE-2016-8882The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2016-8693Double free vulnerability in the mem_close function in jas_stream.c in ...
CVE-2016-8692The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2016-8691The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer ...
CVE-2016-8654Heap-based buffer overflow in QMFB code in JPC codec
CVE-2016-2116Memory leak in the jas_iccprof_createfrombuf function in JasPer ...
CVE-2016-2089The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows ...
CVE-2016-1577Double free vulnerability in the jas_iccattrval_destroy function in ...
CVE-2014-9029Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) ...
CVE-2014-8158Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...
CVE-2014-8157Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 ...
CVE-2014-8138Heap-based buffer overflow in the jp2_decode function in JasPer ...
CVE-2014-8137Double free vulnerability in the jas_iccattrval_destroy function in ...
CVE-2011-4517The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer ...
CVE-2011-4516Heap-based buffer overflow in the jpc_cox_getcompparms function in ...
CVE-2008-3522Buffer overflow in the jas_stream_printf function in ...
CVE-2008-3521Race condition in the jas_stream_tmpfile function in ...
CVE-2008-3520Multiple integer overflows in JasPer 1.900.1 might allow ...
CVE-2007-2721The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...

Security announcements

DSA / DLADescription
DSA-3785-1jasper - security update
DLA-739-1jasper - security update
DSA-3508-1jasper - security update
DSA-3508-1jasper - security update
DLA-138-1jasper - security update
DSA-3138-1jasper - security update
DLA-121-1jasper - security update
DSA-3106-1jasper - security update
DLA-101-1jasper - security update
DSA-3089-1jasper - security update
DSA-2371-1jasper - buffer overflows
DSA-2371-1jasper - buffer overflows
DSA-2036-1jasper - denial of service

Search for package or bug name: Reporting problems