Rapid7 Vulnerability & Exploit Database

RHSA-2011:1807: jasper security update

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 12/14/2011
Created: 07/25/2018
Added: 12/16/2011
Modified: 07/04/2017

Description

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code. (CVE-2011-4516, CVE-2011-4517)

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting these issues.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. All applications using the JasPer libraries (such as Nautilus) must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-jasper
  • redhat-upgrade-jasper-debuginfo
  • redhat-upgrade-jasper-devel
  • redhat-upgrade-jasper-libs
  • redhat-upgrade-jasper-utils
