|Description||An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|jasper (PTS)||jessie, jessie (lts)||1.900.1-debian1-2.4+deb8u11||vulnerable|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
The issue exists due to an overflow check which is not present
in Wheezy and Jessie. However it makes sense to implement this check.
This can be done when more important issues are found [wheezy].
Not suitable for code injection, hardly denial of service