CVE-2011-4517
Published: 14 December 2011
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
Notes
| Author | Note |
|---|---|
| mdeslaur | ghostscript has embedded jasper in maverick and older Debian's netpbm-free doesn't contain jasper |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ghostscript Launchpad, Ubuntu, Debian |
hardy |
Released
(8.61.dfsg.1-1ubuntu3.4)
|
| lucid |
Released
(8.71.dfsg.1-0ubuntu5.4)
|
|
| maverick |
Released
(8.71.dfsg.2-0ubuntu7.1)
|
|
| natty |
Not vulnerable
(uses system jasper)
|
|
| oneiric |
Not vulnerable
(uses system jasper)
|
|
| upstream |
Needs triage
|
|
|
jasper Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(1.900.1-7ubuntu0.10.04.1)
|
|
| maverick |
Released
(1.900.1-7ubuntu0.10.10.1)
|
|
| natty |
Released
(1.900.1-7ubuntu2.11.04.1)
|
|
| oneiric |
Released
(1.900.1-7ubuntu2.11.10.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1807.html |
||
|
netpbm-free Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
(code not present)
|
| lucid |
Not vulnerable
(code not present)
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1811.html |
||