SUSE-SU-2020:2689-1 -- SLES jasper, libjasper4, libjasper-develID: oval:org.secpod.oval:def:89050401 | Date: (C)2023-10-10 (M)2023-10-10 |
Class: PATCH | Family: unix |
This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue . - CVE-2016-9399: Fix assert in calcstepsizes . - CVE-2017-5499: Validate component depth bit . - CVE-2017-5503: Check bounds in jas_seq2d_bindsub . - CVE-2017-5504: Check bounds in jas_seq2d_bindsub . - CVE-2017-5505: Check bounds in jas_seq2d_bindsub . - CVE-2017-14132: Fix heap base overflow in by checking components . - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize . - CVE-2018-18873: Fix null pointer deref in ras_putdatastd . - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms . - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup . - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode . - CVE-2018-20622: Fix memory leak in jas_malloc.c .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Desktop 15 SP2 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
jasper |
libjasper4 |
libjasper-devel |