jasper

• Author: kikadf
• Vulnerable: 1.900.1-5
• Unaffected: 1.900.1-6arcturus1

Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code. Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029