CVE-2011-4517

Published: 14 December 2011

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Notes

Author: mdeslaur
Note:
ghostscript has embedded jasper in maverick and older
Debian's netpbm-free doesn't contain jasper

Priority

Medium

Status

Package Release Status
ghostscript
hardy: Released (8.61.dfsg.1-1ubuntu3.4)
lucid: Released (8.71.dfsg.1-0ubuntu5.4)
maverick: Released (8.71.dfsg.2-0ubuntu7.1)
natty: Not vulnerable (uses system jasper)
oneiric: Not vulnerable (uses system jasper)
upstream: Needs triage

jasper
hardy: Ignored (reached end-of-life)
lucid: Released (1.900.1-7ubuntu0.10.04.1)
maverick: Released (1.900.1-7ubuntu0.10.10.1)
natty: Released (1.900.1-7ubuntu2.11.04.1)
oneiric: Released (1.900.1-7ubuntu2.11.10.1)
upstream: Needs triage

Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-1807.html

netpbm-free
hardy: Not vulnerable (code not present)
lucid: Not vulnerable (code not present)
maverick: Not vulnerable (code not present)
natty: Not vulnerable (code not present)
oneiric: Not vulnerable (code not present)
upstream: Needs triage

Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-1811.html