Security update for jasper SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2722-1 Final 1 1 2016-11-04T08:23:18Z current 2016-11-04T08:23:18Z 2016-11-04T08:23:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for jasper This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919). - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137 (bsc#968373). - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084). - CVE-2016-8691, CVE-2016-8692: Missing range check on XRsiz and YRsiz fields of SIZ marker segment (bsc#1005090). - CVE-2016-8693: The memory stream interface allowed for a buffer size of zero. The case of a zero-sized buffer was not handled correctly, as it could lead to a double free (bsc#1005242). - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591). - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593). - CVE-2016-8882: Null pointer access in jpc_pi_destroy (bsc#1006597). - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode() (bsc#1006598). - CVE-2016-8886: Memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599). For additional change description please have a look at the changelog. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html E-Mail link for openSUSE-SU-2016:2722-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 jasper-1.900.14-163.24.1 jasper-debuginfo-1.900.14-163.24.1 jasper-debugsource-1.900.14-163.24.1 libjasper-devel-1.900.14-163.24.1 libjasper1-1.900.14-163.24.1 libjasper1-32bit-1.900.14-163.24.1 libjasper1-debuginfo-1.900.14-163.24.1 libjasper1-debuginfo-32bit-1.900.14-163.24.1 jasper-1.900.14-163.24.1 as a component of openSUSE 13.2 jasper-debuginfo-1.900.14-163.24.1 as a component of openSUSE 13.2 jasper-debugsource-1.900.14-163.24.1 as a component of openSUSE 13.2 libjasper-devel-1.900.14-163.24.1 as a component of openSUSE 13.2 libjasper1-1.900.14-163.24.1 as a component of openSUSE 13.2 libjasper1-32bit-1.900.14-163.24.1 as a component of openSUSE 13.2 libjasper1-debuginfo-1.900.14-163.24.1 as a component of openSUSE 13.2 libjasper1-debuginfo-32bit-1.900.14-163.24.1 as a component of openSUSE 13.2 Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. CVE-2008-3522 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2008-3522.html CVE-2008-3522 https://bugzilla.suse.com/392410 SUSE Bug 392410 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-5203 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 1.8 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2015-5203.html CVE-2015-5203 https://bugzilla.suse.com/941919 SUSE Bug 941919 https://bugzilla.suse.com/942553 SUSE Bug 942553 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. CVE-2015-5221 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2015-5221.html CVE-2015-5221 https://bugzilla.suse.com/942553 SUSE Bug 942553 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. CVE-2016-1577 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-1577.html CVE-2016-1577 https://bugzilla.suse.com/968373 SUSE Bug 968373 Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. CVE-2016-2116 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-2116.html CVE-2016-2116 https://bugzilla.suse.com/968373 SUSE Bug 968373 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. CVE-2016-8690 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8690.html CVE-2016-8690 https://bugzilla.suse.com/1005084 SUSE Bug 1005084 https://bugzilla.suse.com/1007009 SUSE Bug 1007009 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. CVE-2016-8691 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8691.html CVE-2016-8691 https://bugzilla.suse.com/1005090 SUSE Bug 1005090 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. CVE-2016-8692 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8692.html CVE-2016-8692 https://bugzilla.suse.com/1005090 SUSE Bug 1005090 Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. CVE-2016-8693 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8693.html CVE-2016-8693 https://bugzilla.suse.com/1005242 SUSE Bug 1005242 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-8880 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 4.3 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8880.html CVE-2016-8880 https://bugzilla.suse.com/1006591 SUSE Bug 1006591 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-8881 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 4.3 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8881.html CVE-2016-8881 https://bugzilla.suse.com/1006593 SUSE Bug 1006593 The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. CVE-2016-8882 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 moderate 4.3 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8882.html CVE-2016-8882 https://bugzilla.suse.com/1006597 SUSE Bug 1006597 The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. CVE-2016-8883 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 low 1.8 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8883.html CVE-2016-8883 https://bugzilla.suse.com/1006598 SUSE Bug 1006598 The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. CVE-2016-8886 openSUSE 13.2:jasper-1.900.14-163.24.1 openSUSE 13.2:jasper-debuginfo-1.900.14-163.24.1 openSUSE 13.2:jasper-debugsource-1.900.14-163.24.1 openSUSE 13.2:libjasper-devel-1.900.14-163.24.1 openSUSE 13.2:libjasper1-1.900.14-163.24.1 openSUSE 13.2:libjasper1-32bit-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-1.900.14-163.24.1 openSUSE 13.2:libjasper1-debuginfo-32bit-1.900.14-163.24.1 low 1.8 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html https://www.suse.com/security/cve/CVE-2016-8886.html CVE-2016-8886 https://bugzilla.suse.com/1006599 SUSE Bug 1006599