It was discovered that the JasPer JPEG-2000 runtime library allowed an
attacker to create a crafted input file that could lead to denial of
service and heap corruption.
Besides addressing this vulnerability, this updates also addresses a
regression introduced in the security fix for CVE-2008-3521, applied
before Debian Lenny’s release, that could cause errors when reading some
JPEG input files.
For the stable distribution (lenny), this problem has been fixed in
version 1.900.1-5.1+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 1.900.1-6.
We recommend that you upgrade your jasper package.
CPE | Name | Operator | Version |
---|---|---|---|
jasper | eq | 1.900.1-5.1 |