Package name: jasper
Date: 2009-06-26
Advisory ID: MDVSA-2009:142
Affected versions: 2009.0 x86_64, 2009.1 i586, 2009.0 i586, 2008.1 i586, CS4.0 i586, CS4.0 x86_64, 2008.1 x86_64, 2009.1 x86_64

Problem description

Multiple security vulnerabilities have been identified and fixed
in jasper:

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer
JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted
attackers to cause a denial of service (crash) and possibly corrupt
the heap via malformed image files, as originally demonstrated using
imagemagick convert (CVE-2007-2721).

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
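
The bug class named above, integer multiplication feeding a memory allocation, is illustrated by the following added example. It is not JasPer's code or the Mandriva patch; the helper names and the constructed header value are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: the product wraps modulo SIZE_MAX + 1. */
static size_t size_mul_unchecked(size_t a, size_t b)
{
    return a * b;
}

/* Checked form: returns 0 and stores a * b, or -1 if the product would wrap. */
static int size_mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Hypothetical decoder helper: allocate rows * cols elements of elem_size
 * bytes, refusing any request whose byte count does not fit in size_t. */
static void *alloc_samples(size_t rows, size_t cols, size_t elem_size)
{
    size_t count, bytes;

    if (size_mul_checked(rows, cols, &count) != 0 ||
        size_mul_checked(count, elem_size, &bytes) != 0)
        return NULL;
    if (bytes == 0)          /* an empty image is treated as malformed input */
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    size_t huge = SIZE_MAX / 2 + 1;   /* constructed dimension from a file header */
    void *p;

    /* Wrapped product: an allocation of this size would be far too small. */
    printf("unchecked %zu * 2 = %zu\n", huge, size_mul_unchecked(huge, 2));
    p = alloc_samples(huge, 2, 1);
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```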

The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
JasPer 1.900.1 allows local users to overwrite arbitrary files via
a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
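
The hardened pattern for a printf-style stream helper that formats through a fixed buffer is sketched in the following added example, which uses vsnprintf with an explicit truncation check in place of vsprintf. It is not JasPer's code or the Mandriva patch; `mem_stream`, `stream_printf`, `put_header_line` and the header line format are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define SCRATCH_SIZE 64            /* hypothetical per-call scratch size */

/* Hypothetical in-memory output stream standing in for a library stream. */
struct mem_stream {
    char   data[256];
    size_t len;
};

/* Format into a fixed scratch buffer with vsnprintf (never vsprintf) and
 * fail rather than truncate or overrun. Returns bytes appended, or -1. */
static int stream_printf(struct mem_stream *s, const char *fmt, ...)
{
    char scratch[SCRATCH_SIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(scratch, sizeof scratch, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= sizeof scratch)
        return -1;                          /* output did not fit */
    if ((size_t)n > sizeof s->data - s->len)
        return -1;                          /* stream is full */
    memcpy(s->data + s->len, scratch, (size_t)n);
    s->len += (size_t)n;
    return n;
}

/* Constructed header writer: emits one text line per call. */
static int put_header_line(struct mem_stream *s, const char *name, long w, long h)
{
    return stream_printf(s, "component %s width=%ld height=%ld\n", name, w, h);
}

int main(void)
{
    struct mem_stream s = { {0}, 0 };
    char longname[200];

    memset(longname, 'A', sizeof longname - 1);   /* constructed oversized field */
    longname[sizeof longname - 1] = '\0';
    printf("short name: %d\n", put_header_line(&s, "y", 640, 480));
    printf("long name:  %d\n", put_header_line(&s, longname, 640, 480));
    return 0;
}
```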

The updated packages have been patched to prevent these issues.

Updated packages

2009.0 x86_64

 e48536726ba6c83c14fc4a3533c1aa72  2009.0/x86_64/jasper-1.900.1-4.1mdv2009.0.x86_64.rpm
 9e756d8c55f33a7a58955c2c556e8b53  2009.0/x86_64/lib64jasper1-1.900.1-4.1mdv2009.0.x86_64.rpm
 a3a6ea3a8943d07096bdf2b6bffa905f  2009.0/x86_64/lib64jasper1-devel-1.900.1-4.1mdv2009.0.x86_64.rpm
 9035b3ca72439aaadc0d0354ccb7d094  2009.0/x86_64/lib64jasper1-static-devel-1.900.1-4.1mdv2009.0.x86_64.rpm 
 107b936e8361e9778077500205582db1  2009.0/SRPMS/jasper-1.900.1-4.1mdv2009.0.src.rpm

2009.1 i586

 b11ffbb67ab917d95b23e3d71098da4d  2009.1/i586/jasper-1.900.1-5.1mdv2009.1.i586.rpm
 0403d7db1343380b23c87845ad89539c  2009.1/i586/libjasper1-1.900.1-5.1mdv2009.1.i586.rpm
 22cd4305bca44bbc47cb42e115514b7f  2009.1/i586/libjasper-devel-1.900.1-5.1mdv2009.1.i586.rpm
 9e34a3304b35363853a3c733a87b03fb  2009.1/i586/libjasper-static-devel-1.900.1-5.1mdv2009.1.i586.rpm 
 ba5e1fd525c267b49e3e5241a922185a  2009.1/SRPMS/jasper-1.900.1-5.1mdv2009.1.src.rpm

2009.0 i586

 89674fae78d1e53361413798c598e53a  2009.0/i586/jasper-1.900.1-4.1mdv2009.0.i586.rpm
 244e0d289c1ed9223d04d37cce6ac30c  2009.0/i586/libjasper1-1.900.1-4.1mdv2009.0.i586.rpm
 adfbe8cbdcf16177a9894753a36ac04d  2009.0/i586/libjasper1-devel-1.900.1-4.1mdv2009.0.i586.rpm
 98d7a08e49d6b0b9c3b3ac45ee31fab2  2009.0/i586/libjasper1-static-devel-1.900.1-4.1mdv2009.0.i586.rpm 
 107b936e8361e9778077500205582db1  2009.0/SRPMS/jasper-1.900.1-4.1mdv2009.0.src.rpm

2008.1 i586

 b415b975e60c3e47af3b67c21f89fde9  2008.1/i586/jasper-1.900.1-3.1mdv2008.1.i586.rpm
 525a4213baf56dee4733976ebbf916af  2008.1/i586/libjasper1-1.900.1-3.1mdv2008.1.i586.rpm
 eda31571a90149b4bebdc976b5e04406  2008.1/i586/libjasper1-devel-1.900.1-3.1mdv2008.1.i586.rpm
 b974e8d5ef8992aec3b1031de47ac9f4  2008.1/i586/libjasper1-static-devel-1.900.1-3.1mdv2008.1.i586.rpm 
 01b1f3bcf707d3296f41a736c5bdc7ed  2008.1/SRPMS/jasper-1.900.1-3.1mdv2008.1.src.rpm

CS4.0 i586

 390256d639cfbc0f15bf6895b3b18450  corporate/4.0/i586/jasper-1.701.0-3.1.20060mlcs4.i586.rpm
 44915a643d07e967fca1912bca97a03b  corporate/4.0/i586/libjasper1.701_1-1.701.0-3.1.20060mlcs4.i586.rpm
 5f4c0ecd6f5f5a7585b1e13f245a86d0  corporate/4.0/i586/libjasper1.701_1-devel-1.701.0-3.1.20060mlcs4.i586.rpm
 374d797c523577b4b1839cdc52fe5664  corporate/4.0/i586/libjasper1.701_1-static-devel-1.701.0-3.1.20060mlcs4.i586.rpm 
 34a9fdad21246f55d452de585dd2bf95  corporate/4.0/SRPMS/jasper-1.701.0-3.1.20060mlcs4.src.rpm

CS4.0 x86_64

 ba555966cb3df0218a682788d734a4b8  corporate/4.0/x86_64/jasper-1.701.0-3.1.20060mlcs4.x86_64.rpm
 82405a393d7454a0da522d4b9cd5bd22  corporate/4.0/x86_64/lib64jasper1.701_1-1.701.0-3.1.20060mlcs4.x86_64.rpm
 5443fe74af531fb8786de9d79f989433  corporate/4.0/x86_64/lib64jasper1.701_1-devel-1.701.0-3.1.20060mlcs4.x86_64.rpm
 331aea54055a12468e48bcac1604b4c5  corporate/4.0/x86_64/lib64jasper1.701_1-static-devel-1.701.0-3.1.20060mlcs4.x86_64.rpm 
 34a9fdad21246f55d452de585dd2bf95  corporate/4.0/SRPMS/jasper-1.701.0-3.1.20060mlcs4.src.rpm

2008.1 x86_64

 5322cd4a5498e9e9a92777738d4aef90  2008.1/x86_64/jasper-1.900.1-3.1mdv2008.1.x86_64.rpm
 f7f0188142c7890148a643218016b809  2008.1/x86_64/lib64jasper1-1.900.1-3.1mdv2008.1.x86_64.rpm
 d11f1b52a11db1516ecf51fa2d863238  2008.1/x86_64/lib64jasper1-devel-1.900.1-3.1mdv2008.1.x86_64.rpm
 7bf348d780f0392a2256fec32e1136f4  2008.1/x86_64/lib64jasper1-static-devel-1.900.1-3.1mdv2008.1.x86_64.rpm 
 01b1f3bcf707d3296f41a736c5bdc7ed  2008.1/SRPMS/jasper-1.900.1-3.1mdv2008.1.src.rpm

2009.1 x86_64

 b4c00f01c5df8638bb4d76c44e4c88cc  2009.1/x86_64/jasper-1.900.1-5.1mdv2009.1.x86_64.rpm
 b4aefde111aba037a6738ccdd509f061  2009.1/x86_64/lib64jasper1-1.900.1-5.1mdv2009.1.x86_64.rpm
 e3a1dda206b8a383b0da6794198a2e02  2009.1/x86_64/lib64jasper-devel-1.900.1-5.1mdv2009.1.x86_64.rpm
 a66c98b93ebd2caca3ce4bb321e092b7  2009.1/x86_64/lib64jasper-static-devel-1.900.1-5.1mdv2009.1.x86_64.rpm 
 ba5e1fd525c267b49e3e5241a922185a  2009.1/SRPMS/jasper-1.900.1-5.1mdv2009.1.src.rpm
