Skip to content
This repository has been archived by the owner on Jul 29, 2020. It is now read-only.

CVE-2017-5505 #5

Closed
jubalh opened this issue Jun 15, 2020 · 0 comments · Fixed by #38
Closed

CVE-2017-5505 #5

jubalh opened this issue Jun 15, 2020 · 0 comments · Fixed by #38
Labels
CVE PR available

Comments

@jubalh
Copy link
Member

jubalh commented Jun 15, 2020

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c

See: jasper-software/jasper#88
@jubalh jubalh added the CVE label Jun 15, 2020
@MaxKellermann MaxKellermann linked a pull request Jun 28, 2020 that will close this issue
Lots of CVE fixes #38
Merged
@jubalh jubalh closed this as completed in e2f2e5f Jun 29, 2020
jubalh added a commit to jubalh/buildroot that referenced this issue Jul 28, 2020
@jubalh
Update Jasper to 2.0.19
3c4f2bc 
Changes:
* Fix CVE-2018-9154
  jasper-software/jasper#215
  jasper-software/jasper#166
  jasper-software/jasper#175
  jasper-maint/jasper#8

* Fix CVE-2018-19541
  jasper-software/jasper#199
  jasper-maint/jasper#6

* Fix CVE-2016-9399, CVE-2017-13751
  jasper-maint/jasper#1

* Fix CVE-2018-19540
  jasper-software/jasper#182
  jasper-maint/jasper#22

* Fix CVE-2018-9055
  jasper-maint/jasper#9

* Fix CVE-2017-13748
  jasper-software/jasper#168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  jasper-maint/jasper#3
  jasper-maint/jasper#4
  jasper-maint/jasper#5
  jasper-software/jasper#88
  jasper-software/jasper#89
  jasper-software/jasper#90

* Fix CVE-2018-9252
  jasper-maint/jasper#16

* Fix CVE-2018-19139
  jasper-maint/jasper#14

* Fix CVE-2018-19543, CVE-2017-9782
  jasper-maint/jasper#13
  jasper-maint/jasper#18
  jasper-software/jasper#140
  jasper-software/jasper#182

* Fix CVE-2018-20570
  jasper-maint/jasper#11
  jasper-software/jasper#191

* Fix CVE-2018-20622
  jasper-maint/jasper#12
  jasper-software/jasper#193

* Fix CVE-2016-9398
  jasper-maint/jasper#10

* Fix CVE-2017-14132
  jasper-maint/jasper#17

* Fix CVE-2017-5499
  jasper-maint/jasper#2
  jasper-software/jasper#63

* Fix CVE-2018-18873
  jasper-maint/jasper#15
  jasper-software/jasper#184

* Fix jasper-software/jasper#207

* Fix jasper-software/jasper#194 part 1

* Fix CVE-2017-13750
  jasper-software/jasper#165
  jasper-software/jasper#174

* New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table

* Fix various memory leaks

* Plenty of code cleanups, and performance improvements
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CVE PR available
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Lots of CVE fixes
2 participants
@MaxKellermann @jubalh