CVE-2011-4517

Priority
Description
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1
uses an incorrect data type during a certain size calculation, which allows
remote attackers to trigger a heap-based buffer overflow and execute
arbitrary code, or cause a denial of service (heap memory corruption), via
a crafted component registration (CRG) marker segment in a JPEG2000 file.
Assigned-to
mdeslaur
Notes
mdeslaur: ghostscript has embedded jasper in maverick and older
Debian's netpbm-free doesn't contain jasper
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1807.html
Package
Upstream: needs-triage
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1811.html
Updated: 2020-09-10 01:54:14 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)