1
PublicDateAtUSN: 2017-03-15
2
Candidate: CVE-2016-10249
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10249
6
https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
7
http://www.openwall.com/lists/oss-security/2016/10/23/7
8
https://usn.ubuntu.com/usn/usn-3295-1
10
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer
11
before 1.900.12 allows remote attackers to have unspecified impact via a
12
crafted image file, which triggers a heap-based buffer overflow.
15
mdeslaur> fixed in (1.900.1-debian1-2.4+deb8u3)
17
https://github.com/mdadams/jasper/issues/128 (regression)
19
Discovered-by: Agostino Sarubbo
23
upstream: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568
24
upstream_jasper: needs-triage
25
precise_jasper: ignored (reached end-of-life)
26
precise/esm_jasper: DNE (precise was needed)
27
trusty_jasper: released (1.900.1-14ubuntu3.4)
28
vivid/ubuntu-core_jasper: DNE
29
vivid/stable-phone-overlay_jasper: ignored (reached end-of-life)
30
xenial_jasper: released (1.900.1-debian1-2.4ubuntu1.1)
31
yakkety_jasper: released (1.900.1-debian1-2.4+deb8u3build0.16.10.1)