CVE-2007-2721

Published: 16 May 2007

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

Notes

Author: kees
Note: http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html

Priority

Medium

Status

Package      Release   Status
ghostscript  gutsy     Released (8.61.dfsg.1~svn8187-0ubuntu3)
ghostscript  upstream  Released (8.61 svn r8298)
gs-gpl       dapper    Not vulnerable
gs-gpl       edgy      Released (8.50-1.1ubuntu1.1)
gs-gpl       feisty    Released (8.54.dfsg.1-5ubuntu0.1)
gs-gpl       upstream  Needs triage
jasper       dapper    Released (1.701.0-2ubuntu0.6.06)
jasper       edgy      Released (1.701.0-2ubuntu0.6.10)
jasper       feisty    Released (1.701.0-2ubuntu0.7.04)
jasper       upstream  Released (1.900)