File _patchinfo of Package patchinfo.16208
<patchinfo incident="16208">
<issue tracker="bnc" id="1010979">VUL-0: CVE-2016-9398: jasper: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed.</issue>
<issue tracker="bnc" id="1010980">VUL-1: CVE-2016-9399: jasper: Assertion triggered in calcstepsizes</issue>
<issue tracker="bnc" id="1020451">VUL-1: CVE-2017-5499,CVE-2017-5500,CVE-2017-5501,CVE-2017-5502: jasper: multiple crashes with UBSAN</issue>
<issue tracker="bnc" id="1020456">VUL-0: CVE-2017-5503: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)</issue>
<issue tracker="bnc" id="1020458">VUL-1: CVE-2017-5504: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)</issue>
<issue tracker="bnc" id="1020460">VUL-1: CVE-2017-5505: jasper: invalid memory read in jas_matrix_asl (jas_seq.c)</issue>
<issue tracker="bnc" id="1045450">VUL-1: CVE-2017-9782: jasper: DoS via crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.</issue>
<issue tracker="bnc" id="1057152">VUL-1: CVE-2017-14132: jasper: JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_im</issue>
<issue tracker="bnc" id="1088278">VUL-1: CVE-2018-9252: jasper: Denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.</issue>
<issue tracker="bnc" id="1114498">VUL-1: CVE-2018-18873: jasper: A NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.</issue>
<issue tracker="bnc" id="1115637">VUL-1: CVE-2018-19139: jasper: An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.</issue>
<issue tracker="bnc" id="1117328">VUL-1: CVE-2018-19543: jasper: An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.</issue>
<issue tracker="bnc" id="1120805">VUL-1: CVE-2018-20622: jasper: memory leak in base/jas_malloc.c when "--output-format jp2" is used</issue>
<issue tracker="bnc" id="1120807">VUL-1: CVE-2018-20570: jasper: heap-based buffer over-read in jp2_encode in jp2/jp2_enc.c</issue>
<issue tracker="cve" id="2016-9398"/>
<issue tracker="cve" id="2016-9399"/>
<issue tracker="cve" id="2017-5499"/>
<issue tracker="cve" id="2017-5503"/>
<issue tracker="cve" id="2017-5504"/>
<issue tracker="cve" id="2017-5505"/>
<issue tracker="cve" id="2017-9782"/>
<issue tracker="cve" id="2017-14132"/>
<issue tracker="cve" id="2018-9252"/>
<issue tracker="cve" id="2018-18873"/>
<issue tracker="cve" id="2018-19139"/>
<issue tracker="cve" id="2018-19543"/>
<issue tracker="cve" id="2018-20570"/>
<issue tracker="cve" id="2018-20622"/>
<packager>mvetter</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for jasper</summary>
<description>This update for jasper fixes the following issues:
- CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).
- CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).
- CVE-2017-5499: Validate component depth bit (bsc#1020451).
- CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).
- CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).
- CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).
- CVE-2017-14132: Fix heap-based overflow by checking components (bsc#1057152).
- CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).
- CVE-2018-18873: Fix NULL pointer dereference in ras_putdatastd (bsc#1114498).
- CVE-2018-19139: Fix memory leaks by registering jpc_unk_destroyparms (bsc#1115637).
- CVE-2018-19543, CVE-2017-9782: Fix numchans mixup (bsc#1117328, bsc#1045450).
- CVE-2018-20570: Fix heap-based buffer over-read in jp2_encode (bsc#1120807).
- CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).
</description>
</patchinfo>