CVE-2007-2721
Published: 16 May 2007
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
Notes
| Author | Note |
|---|---|
| kees | http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
jasper Launchpad, Ubuntu, Debian |
upstream |
Released
(1.900)
|
| dapper |
Released
(1.701.0-2ubuntu0.6.06)
|
|
| edgy |
Released
(1.701.0-2ubuntu0.6.10)
|
|
| feisty |
Released
(1.701.0-2ubuntu0.7.04)
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
upstream |
Released
(8.61 svn r8298)
|
| gutsy |
Released
(8.61.dfsg.1~svn8187-0ubuntu3)
|
|
|
gs-gpl Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| edgy |
Released
(8.50-1.1ubuntu1.1)
|
|
| feisty |
Released
(8.54.dfsg.1-5ubuntu0.1)
|
|
| upstream |
Needs triage
|