FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jasper -- multiple vulnerabilities

Affected packages
jasper < 1.900.1_16

Details

VuXML ID f1692469-45ce-11e5-adde-14dae9d210b8
Discovery 2015-08-17
Entry 2015-08-18
Modified 2016-02-24

Martin Prpic reports:

A double free flaw was found in the way JasPer's jasper_image_stop_load() function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

Feist Josselin reports:

A new use-after-free was found in Jasper JPEG-200. The use-after-free appears in the function mif_process_cmpt of the src/libjasper/mif/mif_cod.c file.

References

CVE Name CVE-2015-5203
CVE Name CVE-2015-5221
URL http://seclists.org/oss-sec/2015/q3/366
URL http://seclists.org/oss-sec/2015/q3/408
URL https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c0