Debian Security Advisory
DLA-101-1 jasper -- LTS security update
- Date Reported:
- 06 Dec 2014
- Affected Packages:
- jasper
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-9029.
- More information:
-
Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.
For Debian 6
Squeeze
, these issues have been fixed in jasper version 1.900.1-7+squeeze2