{"affected":[{"ecosystem_specific":{"binaries":[{"libjasper-devel":"1.900.14-134.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"jasper","purl":"pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.900.14-134.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libjasper":"1.900.14-134.32.1","libjasper-32bit":"1.900.14-134.32.1","libjasper-x86":"1.900.14-134.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"jasper","purl":"pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.900.14-134.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libjasper":"1.900.14-134.32.1","libjasper-32bit":"1.900.14-134.32.1","libjasper-x86":"1.900.14-134.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"jasper","purl":"pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.900.14-134.32.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for jasper fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530)\n- CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977).\n- CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. (bsc#1010979)\n- CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830)\n- CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400)\n- CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993)\n- CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088)\n- CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497)\n- CVE-2017-5498: left-shift undefined behaviour (bsc#1020353)\n- CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868)\n","id":"SUSE-SU-2017:0946-1","modified":"2017-04-05T13:26:51Z","published":"2017-04-05T13:26:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20170946-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010977"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010979"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011830"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012530"},{"type":"REPORT","url":"https://bugzilla.suse.com/1015400"},{"type":"REPORT","url":"https://bugzilla.suse.com/1015993"},{"type":"REPORT","url":"https://bugzilla.suse.com/1018088"},{"type":"REPORT","url":"https://bugzilla.suse.com/1020353"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021868"},{"type":"REPORT","url":"https://bugzilla.suse.com/1029497"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10251"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8654"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9395"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9398"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9560"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9583"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9591"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9600"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5498"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6850"}],"related":["CVE-2016-10251","CVE-2016-8654","CVE-2016-9395","CVE-2016-9398","CVE-2016-9560","CVE-2016-9583","CVE-2016-9591","CVE-2016-9600","CVE-2017-5498","CVE-2017-6850"],"summary":"Security update for jasper","upstream":["CVE-2016-10251","CVE-2016-8654","CVE-2016-9395","CVE-2016-9398","CVE-2016-9560","CVE-2016-9583","CVE-2016-9591","CVE-2016-9600","CVE-2017-5498","CVE-2017-6850"]}