Overview

File _patchinfo of Package patchinfo.366

<patchinfo incident="366">
  <issue id="911837" tracker="bnc">VUL-0: CVE-2014-8157, CVE-2014-8158: jasper: use after free and OOB vulnerabilities</issue>
  <issue id="CVE-2014-8157" tracker="cve" />
  <issue id="CVE-2014-8158" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>nadvornik</packager>
  <description>jasper was updated to fix two security issues.

These security issues were fixed:
- CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow (bnc#911837).
CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image (bnc#911837).
  </description>
  <summary>Security update for jasper</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places