UbuntuUpdates.org

Package "jasper"

Name: jasper

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Programs for manipulating JPEG-2000 files
Latest version: 1.900.1-debian1-2.4ubuntu1.3
Release: xenial (16.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "jasper" in Xenial

Repository Area Version
base main 0.69
base universe 1.900.1-debian1-2.4ubuntu1
security main 1.900.1-debian1-2.4ubuntu1.3
security universe 1.900.1-debian1-2.4ubuntu1.3
updates main 1.900.1-debian1-2.4ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.900.1-debian1-2.4ubuntu1.3 2021-01-11 16:06:16 UTC

  jasper (1.900.1-debian1-2.4ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-18873.patch: check components for RGB,
      fixes NULL pointer deference in src/libjasper/ras/ras_enc.c.
    - CVE-2018-18873
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-19542-and-CVE-2017-9782.patch: fix numchans mixup,
      NULL dereference in src/libjasper/jp2/jp2_dec.c.
    - CVE-2018-19542
    - CVE-2017-9782
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2020-27828.patch: avoid maxrlvls more
      than upper bound to cause heap-buffer-overflow in
      src/libjasper/jpc/jpc_enc.c.
    - CVE-2020-27828

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Jan 2021 11:19:23 -0300
Source diff to previous version
CVE-2018-18873 An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVE-2018-19542 An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a den
CVE-2017-9782 JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related t
CVE-2020-27828 There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-b

Version: 1.900.1-debian1-2.4ubuntu1.2 2018-06-27 19:06:58 UTC

  jasper (1.900.1-debian1-2.4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: double-free in jasper_image_stop_load
    - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and
      double free in src/libjasper/base/jas_image.c,
      src/libjasper/include/jasper/jas_math.h.
      (Thanks to Red Hat for the patch!)
    - CVE-2015-5203
  * SECURITY UPDATE: use-after-free in mif_process_cmpt
    - debian/patches/CVE-2015-5221.patch: fix use-after-free in
      src/libjasper/mif/mif_cod.c.
    - CVE-2015-5221
  * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize
    - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent
      null pointer dereference in src/libjasper/include/jasper/jas_seq.h,
      src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c.
    - CVE-2016-10248
  * SECURITY UPDATE: denial of service in jp2_colr_destroy
    - debian/patches/CVE-2016-10250.patch: fix cleanup in
      src/libjasper/jp2/jp2_cod.c.
    - CVE-2016-10250
  * SECURITY UPDATE: denial of service in jpc_dec_tiledecode
    - debian/patches/CVE-2016-8883.patch: remove asserts in
      src/libjasper/jpc/jpc_dec.c.
    - CVE-2016-8883
  * SECURITY UPDATE: denial of service in jp2_colr_destroy
    - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't
      exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c.
    - CVE-2016-8887
  * SECURITY UPDATE: integer overflow in jpc_dec_process_siz
    - debian/patches/CVE-2016-9387-1.patch: fix overflow in
      src/libjasper/jpc/jpc_dec.c.
    - debian/patches/CVE-2016-9387-2.patch: add more checks to
      src/libjasper/jpc/jpc_dec.c.
    - CVE-2016-9387
  * SECURITY UPDATE: denial of service in ras_getcmap
    - debian/patches/CVE-2016-9388.patch: remove assertions in
      src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c.
    - CVE-2016-9388
  * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions
    - debian/patches/CVE-2016-9389.patch: add check to
      src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c,
      src/libjasper/include/jasper/jas_image.h.
    - CVE-2016-9389
  * SECURITY UPDATE: denial of service in jas_seq2d_create
    - debian/patches/CVE-2016-9390.patch: check tiles in
      src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9390
  * SECURITY UPDATE: denial of service in jpc_bitstream_getbits
    - debian/patches/CVE-2016-9391.patch: add tests to
      src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9391
  * SECURITY UPDATE: multiple denial of service issues
    - debian/patches/CVE-2016-9392-3-4.patch: add more checks to
      src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9392
    - CVE-2016-9393
    - CVE-2016-9394
  * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN
    - debian/patches/CVE-2016-9396.patch: add check to
      src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9396
  * SECURITY UPDATE: denial of service via crafted image
    - debian/patches/CVE-2016-9600.patch: add more checks to
      src/libjasper/jp2/jp2_enc.c.
    - CVE-2016-9600
  * SECURITY UPDATE: NULL pointer exception in jp2_encode
    - debian/patches/CVE-2017-1000050.patch: check number of components in
      src/libjasper/jp2/jp2_enc.c.
    - CVE-2017-1000050
  * SECURITY UPDATE: denial of service in jp2_cdef_destroy
    - debian/patches/CVE-2017-6850.patch: initialize data in
      src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c.
    - CVE-2017-6850

 -- Marc Deslauriers <email address hidden> Wed, 27 Jun 2018 07:48:44 -0400
Source diff to previous version
CVE-2015-5203 Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via
CVE-2016-9262 Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.9
CVE-2015-5221 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote
CVE-2016-10248 The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereferenc
CVE-2016-10250 The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference)
CVE-2016-8883 The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a
CVE-2016-8887 The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer
CVE-2016-9387 Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified
CVE-2016-9388 The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafte
CVE-2016-9389 The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
CVE-2016-9390 The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a c
CVE-2016-9391 The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a
CVE-2016-9392 The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a craf
CVE-2016-9393 The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a
CVE-2016-9394 The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a c
CVE-2016-9396 The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion
CVE-2016-9600 JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially craf
CVE-2017-1000050 JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one c
CVE-2017-6850 The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) vi

Version: 1.900.1-debian1-2.4ubuntu1.1 2017-05-18 19:06:40 UTC

  jasper (1.900.1-debian1-2.4ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      1.900.1-debian1-2.4+deb8u3 release. Thanks!
    - CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691,
      CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560,
      CVE-2016-9591, CVE-2016-10249, CVE-2016-10251

 -- Marc Deslauriers <email address hidden> Thu, 18 May 2017 10:37:26 -0400
CVE-2016-1867 The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a
CVE-2016-2089 The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash)
CVE-2016-8654 Heap-based buffer overflow in QMFB code in JPC codec
CVE-2016-8691 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-
CVE-2016-8692 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-
CVE-2016-8693 Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (c
CVE-2016-8882 The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer
CVE-2016-9560 Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified im
CVE-2016-9591 Use-after-free on heap in jas_matrix_destroy
CVE-2016-1024 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to
CVE-2016-1025 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to


About   -   Send Feedback to @ubuntu_updates