CVE-2011-4516

Priority
Description
Heap-based buffer overflow in the jpc_cox_getcompparms function in
libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted numrlvls value in a coding style default (COD) marker segment in a
JPEG2000 file.
Assigned-to
mdeslaur
Notes
jdstrand: test images can be found at http://www.ece.uvic.ca/~frodo/jasper/
mdeslaur: ghostscript has embedded jasper in maverick and older
Debian's netpbm-free doesn't contain jasper
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Patches:
Vendor:https://rhn.redhat.com/errata/RHSA-2011-1807.html
Package
Upstream:needs-triage
Patches:
Vendor:https://rhn.redhat.com/errata/RHSA-2011-1811.html

Updated: 2020-09-10 01:54:14 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)