Bug 747726 (CVE-2011-4516, CVE-2011-4517) - CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)
Summary: CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitr...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4516, CVE-2011-4517
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20111208,repo...
Depends On: 749149 749150 760848 760849 760850 765660 765661 765662 765663 765664
Blocks: 747729 1167538
TreeView+ depends on / blocked
 
Reported: 2011-10-20 20:51 UTC by Vincent Danen
Modified: 2019-06-08 18:56 UTC (History)
6 users (show)

Fixed In Version: jasper 1.900.5
Doc Type: Bug Fix
Doc Text:
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Clone Of:
Environment:
Last Closed: 2012-08-10 17:30:07 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1807 normal SHIPPED_LIVE Important: jasper security update 2011-12-09 10:33:46 UTC
Red Hat Product Errata RHSA-2011:1811 normal SHIPPED_LIVE Important: netpbm security update 2011-12-13 02:06:54 UTC
Red Hat Product Errata RHSA-2015:0698 normal SHIPPED_LIVE Important: rhevm-spice-client security, bug fix, and enhancement update 2015-03-18 16:11:47 UTC

Description Vincent Danen 2011-10-20 20:51:31 UTC
A number of vulnerabilities were found and reported by CERT in JasPer which may allow a remote unauthenticated attacker to execute arbitrary code.

Reference:
http://www.kb.cert.org/vuls/id/887409

Comment 17 Vincent Danen 2011-12-05 22:52:53 UTC
There are two overflows here, and they have been assigned the names CVE-2011-4516 and CVE-2011-4517.

Comment 18 Vincent Danen 2011-12-05 23:02:12 UTC
Acknowledgements:

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting this issue.

Comment 19 Huzaifa S. Sidhpurwala 2011-12-07 06:17:47 UTC
This issue affects the version of jasper package as shipped with Red Hat Enterprise Linux 6.

This issue affects the version of netpbm package as shipped with Red Hat Enterprise Linux 4 and 5.

Comment 22 Huzaifa S. Sidhpurwala 2011-12-09 03:35:53 UTC
Created mingw32-jasper tracking bugs for this issue

Affects: epel-5 [bug 765663]
Affects: fedora-all [bug 765664]

Comment 23 Huzaifa S. Sidhpurwala 2011-12-09 03:35:57 UTC
Created jasper tracking bugs for this issue

Affects: fedora-all [bug 765660]
Affects: epel-4 [bug 765661]
Affects: epel-5 [bug 765662]

Comment 24 errata-xmlrpc 2011-12-09 05:35:48 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1807 https://rhn.redhat.com/errata/RHSA-2011-1807.html

Comment 25 errata-xmlrpc 2011-12-12 21:08:36 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2011:1811 https://rhn.redhat.com/errata/RHSA-2011-1811.html

Comment 26 Fedora Update System 2011-12-30 22:53:26 UTC
jasper-1.900.1-18.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2012-01-02 19:53:25 UTC
jasper-1.900.1-14.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2012-01-02 19:54:09 UTC
jasper-1.900.1-14.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 29 Fedora Update System 2012-01-02 21:52:26 UTC
jasper-1.900.1-18.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 30 errata-xmlrpc 2015-03-18 12:12:26 UTC
This issue has been addressed in the following products:

  RHEV Manager version 3.5

Via RHSA-2015:0698 https://rhn.redhat.com/errata/RHSA-2015-0698.html

Comment 31 Tomas Hoger 2016-11-24 10:55:02 UTC
Fixed upstream in version 1.900.5:

https://github.com/mdadams/jasper/commit/0d22460816ea58e74a124158fa6cc48efb709a47


Note You need to log in before you can comment on or make changes to this bug.