A number of vulnerabilities were found and reported by CERT in JasPer which may allow a remote unauthenticated attacker to execute arbitrary code. Reference: http://www.kb.cert.org/vuls/id/887409
There are two overflows here, and they have been assigned the names CVE-2011-4516 and CVE-2011-4517.
Acknowledgements: Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting this issue.
This issue affects the version of jasper package as shipped with Red Hat Enterprise Linux 6. This issue affects the version of netpbm package as shipped with Red Hat Enterprise Linux 4 and 5.
Created mingw32-jasper tracking bugs for this issue Affects: epel-5 [bug 765663] Affects: fedora-all [bug 765664]
Created jasper tracking bugs for this issue Affects: fedora-all [bug 765660] Affects: epel-4 [bug 765661] Affects: epel-5 [bug 765662]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1807 https://rhn.redhat.com/errata/RHSA-2011-1807.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2011:1811 https://rhn.redhat.com/errata/RHSA-2011-1811.html
jasper-1.900.1-18.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
jasper-1.900.1-14.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
jasper-1.900.1-14.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
jasper-1.900.1-18.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: RHEV Manager version 3.5 Via RHSA-2015:0698 https://rhn.redhat.com/errata/RHSA-2015-0698.html
Fixed upstream in version 1.900.5: https://github.com/mdadams/jasper/commit/0d22460816ea58e74a124158fa6cc48efb709a47
*** Bug 1388863 has been marked as a duplicate of this bug. ***
*** Bug 1388864 has been marked as a duplicate of this bug. ***