DSA-2036 jasper -- programming errorID: oval:org.mitre.oval:def:7407 | Date: (C)2010-05-24 (M)2023-11-13 |
Class: PATCH | Family: unix |
It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. Besides addressing this vulnerability, this updates also addresses a regression introduced in the security fix for CVE-2008-3521, applied before Debian Lenny"s release, that could cause errors when reading some JPEG input files.