USN-742-1: JasPer vulnerabilities
19 March 2009
JasPer vulnerabilities
Releases
Packages
- jasper -
Details
It was discovered that JasPer did not correctly handle memory allocation
when parsing certain malformed JPEG2000 images. If a user were tricked into
opening a specially crafted image with an application that uses libjasper,
an attacker could cause a denial of service and possibly execute arbitrary
code with the user's privileges. (CVE-2008-3520)
It was discovered that JasPer created temporary files in an insecure way.
Local users could exploit a race condition and cause a denial of service in
libjasper applications.
(CVE-2008-3521)
It was discovered that JasPer did not correctly handle certain formatting
operations. If a user were tricked into opening a specially crafted image
with an application that uses libjasper, an attacker could cause a denial
of service and possibly execute arbitrary code with the user's privileges.
(CVE-2008-3522)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.
References
Related notices
- USN-1317-1: ghostscript, libgs8