File _patchinfo of Package patchinfo.3843

<patchinfo incident="3843">
  <packager>fstrba</packager>
  <issue tracker="bnc" id="1012530">VUL-0: CVE-2016-8654: jasper: Heap-based buffer overflow in QMFB code in JPC codec</issue>
  <issue tracker="bnc" id="1010979">VUL-0: CVE-2016-9398: jasper: jpc_math.c:94: int jpc_floorlog2(int): Assertion `x &gt; 0' failed.</issue>
  <issue tracker="bnc" id="1010977">VUL-0: CVE-2016-9395: jasper: jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart &lt;= xend &amp;&amp; ystart &lt;= yend' failed.</issue>
  <issue tracker="bnc" id="1011830">VUL-0: CVE-2016-9560: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)</issue>
  <issue tracker="bnc" id="1015993">VUL-0: CVE-2016-9591: jasper: Use-after-free on heap in jas_matrix_destroy</issue>
  <issue tracker="cve" id="2016-8654"></issue>
  <issue tracker="cve" id="2016-9398"></issue>
  <issue tracker="cve" id="2016-9560"></issue>
  <issue tracker="cve" id="2016-9395"></issue>
  <issue tracker="cve" id="2016-9591"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for jasper</summary>
  <description>
This update for jasper fixes the following issues:

- CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530)
- CVE-2016-9395: Invalid jasper files provided by an attacker could cause the library to abort. (bsc#1010977)
- CVE-2016-9398: Invalid jasper files provided by an attacker could cause the library to abort. (bsc#1010979)
- CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830)
- CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993)
</description>
</patchinfo>