Debian Security Advisory

DLA-101-1 jasper -- LTS security update

Date Reported:
06 Dec 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-9029.
More information:

Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.

For Debian 6 Squeeze, these issues have been fixed in jasper version 1.900.1-7+squeeze2