MDVSA-2011:189 -- Mandriva jasper
ID: oval:org.secpod.oval:def:301073 | Date: (C)2012-01-07 (M)2023-12-26
Class: PATCH | Family: unix
Multiple vulnerabilities have been discovered and corrected in jasper: A heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted numrlvls value in a JPEG2000 file. The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service, via a malformed JPEG2000 file. The updated packages have been patched to correct these issues.
Platform: Mandriva Linux 2010.1