update for jasper
- jasper-1.900.1-bnc725758.patch:
Two security bugs allowing buffer overflow to be caused by
incorrect image data (bnc#725758, CVE-2011-4516 and CVE-2011-4517)
-
Submitted by
Michal Kubeček (mkubecek)
Fixed bugs
bnc#725758
VUL-0: jasper: multiple buffer overflows
CVE-CVE-2011-4517
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of
CVE-CVE-2011-4516
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file.
