DSA-2036-1 jasper -- programming errorID: oval:org.secpod.oval:def:600057 | Date: (C)2011-01-28 (M)2023-11-09 |
Class: PATCH | Family: unix |
It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. Besides addressing this vulnerability, this updates also addresses a regression introduced in the security fix for CVE-2008-3521, applied before Debian Lenny"s release, that could cause errors when reading some JPEG input files. For the stable distribution , this problem has been fixed in version 1.900.1-5.1+lenny1. For the unstable distribution , this problem has been fixed in version 1.900.1-6. We recommend that you upgrade your jasper package.