{"affected":[{"ecosystem_specific":{"binaries":[{"jasper":"2.0.14-lp151.4.3.1","libjasper-devel":"2.0.14-lp151.4.3.1","libjasper4":"2.0.14-lp151.4.3.1","libjasper4-32bit":"2.0.14-lp151.4.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"jasper","purl":"pkg:rpm/opensuse/jasper&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.14-lp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for jasper fixes the following issues:\n\nSecurity issues fixed: \n\n- CVE-2018-19540: Fixed  a heap based overflow in jas_icctxtdesc_input (bsc#1117508).\n- CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:2282-1","modified":"2019-10-07T14:21:19Z","published":"2019-10-07T14:21:19Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IYL4GQHJIENFDBIRS75TWZNNQJSIPMBX/#IYL4GQHJIENFDBIRS75TWZNNQJSIPMBX"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117507"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117508"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19541"}],"related":["CVE-2018-19540","CVE-2018-19541"],"summary":"Security update for jasper","upstream":["CVE-2018-19540","CVE-2018-19541"]}