ELA-329-1 jasper security update
Package: jasper
Version: 1.900.1-debian1-2.4+deb8u7
Related CVEs: CVE-2017-9782 CVE-2018-19139 CVE-2018-19543 CVE-2020-27828
Several security vulnerabilities were found and corrected in jasper, a JPEG 2000 image library, which could lead to denial-of-service or have other unspecified impact.
CVE-2018-19139: Fix memory leaks by registering jpc_unk_destroyparms.
CVE-2020-27828: Prevent maxrlvls from exceeding its upper bound, which caused a heap-buffer-overflow.
CVE-2018-19543 and CVE-2017-9782: There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
For Debian 8 jessie, these problems have been fixed in version 1.900.1-debian1-2.4+deb8u7.
We recommend that you upgrade your jasper packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A jasper security update has been released for Debian GNU/Linux 8 Extended LTS to address several security vulnerabilities.