Security update for jasper
This update for jasper fixes the following issues:
- CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530)
- CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977)
- CVE-2016-9398: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010979)
- CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830)
- CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Fridrich Strba (fstrba)
Fixed bugs
bnc#1012530
VUL-0: CVE-2016-8654: jasper: Heap-based buffer overflow in QMFB code in JPC codec
bnc#1010979
VUL-0: CVE-2016-9398: jasper: jpc_math.c:94: int jpc_floorlog2(int): Assertion `x > 0′ failed.
bnc#1010977
VUL-0: CVE-2016-9395: jasper: jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.
bnc#1011830
VUL-0: CVE-2016-9560: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)
bnc#1015993
VUL-0: CVE-2016-9591: jasper: Use-after-free on heap in jas_matrix_destroy
