Security update for jasper
This update for jasper fixes the following issues:
Security issues fixed:
- CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508).
- CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Michael Vetter (jubalh)
Fixed bugs
bnc#1117507
VUL-1: CVE-2018-19541: jasper: heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c
bnc#1117508
VUL-0: CVE-2018-19540: jasper: heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c
