testing jasper for Wheezy LTS
Hi everybody,
I uploaded version 1.900.1-13+deb7u6 of jasper to:
https://people.debian.org/~alteholz/packages/wheezy-lts/jasper/amd64/
Please give it a try and tell me about any problems you encounter. If you use
jasper for your own projects, I would also be interested in whether you can
still build it with that new version.
Thanks!
Thorsten
* CVE-2016-9591
  Use-after-free on heap in jas_matrix_destroy
  The vulnerability exists in code responsible for re-encoding the
  decoded input image file to a JP2 image. The vulnerability is
  caused by not setting related pointers to be null after the
  pointers are freed (i.e. missing Setting-Pointer-Null operations
  after free). The vulnerability can further cause double-free.
* CVE-2016-10251
  Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in
  JasPer before 1.900.20 allows remote attackers to have unspecified
  impact via a crafted file, which triggers use of an uninitialized
  value.
* fix for TEMP-CVE from last upload to avoid hassle with SIZE_MAX
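
Added example, not part of the original mail and not JasPer code: a C illustration of the free-then-clear pattern whose absence the CVE-2016-9591 entry describes, where an error path and the final cleanup both release the same matrix. The names matrix_t, encoder_t, matrix_create, matrix_destroy, encode_band, encoder_cleanup and run_encode are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not JasPer's real types or functions. */
typedef struct { int rows, cols; int *data; } matrix_t;
typedef struct { matrix_t *band; } encoder_t;   /* owner of the matrix */

static int live_matrices = 0;   /* allocation balance; below 0 means a double release */

matrix_t *matrix_create(int rows, int cols) {
    matrix_t *m = malloc(sizeof *m);
    if (!m) return NULL;
    m->data = calloc((size_t)rows * (size_t)cols, sizeof *m->data);
    if (!m->data) { free(m); return NULL; }
    m->rows = rows; m->cols = cols;
    live_matrices++;
    return m;
}

/* Hardened destroy: takes the owner's slot, frees once, clears the slot. */
void matrix_destroy(matrix_t **slot) {
    if (!slot || !*slot) return;   /* already released: no-op */
    free((*slot)->data);
    free(*slot);
    *slot = NULL;                  /* the set-to-null step the CVE text says was missing */
    live_matrices--;
}

/* Encode step that releases its band on the error path. */
int encode_band(encoder_t *enc, int fail) {
    if (fail) { matrix_destroy(&enc->band); return -1; }
    return 0;
}

/* Final cleanup runs whether or not encode_band already released the band. */
void encoder_cleanup(encoder_t *enc) { matrix_destroy(&enc->band); }

/* Returns encode_band's result if ownership stayed balanced, -3 otherwise. */
int run_encode(int fail) {
    encoder_t enc = { matrix_create(4, 4) };
    if (!enc.band) return -2;
    int rc = encode_band(&enc, fail);
    encoder_cleanup(&enc);         /* second release attempt when fail != 0 */
    return (enc.band == NULL && live_matrices == 0) ? rc : -3;
}

int main(void) {
    printf("ok path: %d, error path: %d\n", run_encode(0), run_encode(1));
    return 0;
}
```

Without the `*slot = NULL` line, the cleanup call on the error path would pass an already freed pointer to free() a second time.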