CVE-2011-4516

Priority
Description
Heap-based buffer overflow in the jpc_cox_getcompparms function in
libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted numrlvls value in a coding style default (COD) marker segment in a
JPEG2000 file.
Notes
 jdstrand> test images can be found at http://www.ece.uvic.ca/~frodo/jasper/
 mdeslaur> ghostscript has embedded jasper in maverick and older
 mdeslaur> Debian's netpbm-free doesn't contain jasper
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1807.html
Package
Upstream: needs-triage
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1811.html

Updated: 2019-03-19 12:01:48 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)