CVE-2011-4517

Priority
Description
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1
uses an incorrect data type during a certain size calculation, which allows
remote attackers to trigger a heap-based buffer overflow and execute
arbitrary code, or cause a denial of service (heap memory corruption), via
a crafted component registration (CRG) marker segment in a JPEG2000 file.
Notes
 mdeslaur> ghostscript has embedded jasper in maverick and older
 mdeslaur> Debian's netpbm-free doesn't contain jasper
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Patches:
Vendor:https://rhn.redhat.com/errata/RHSA-2011-1807.html
Package
Upstream:needs-triage
Patches:
Vendor:https://rhn.redhat.com/errata/RHSA-2011-1811.html
More Information

Updated: 2019-03-19 12:01:49 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)