[3.4] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)ID: oval:org.secpod.oval:def:1800894 | Date: (C)2018-03-29 (M)2023-12-26 |
Class: PATCH | Family: unix |
CVE-2016-1577: A double free vulnerability in jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file was found. CVE-2016-2089: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service via a crafted JPEG 2000 image. CVE-2016-2116: Memory leak in jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier was found,allowing remote attackers to cause a denial of service via a crafted ICC color profile in a JPEG 2000 image file.
Platform: |
Alpine Linux 3.4 |