CVE-2018-19139

NameCVE-2018-19139
DescriptionAn issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesELA-329-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
jasper (PTS)jessie, jessie (lts)1.900.1-debian1-2.4+deb8u12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
jaspersourcejessie1.900.1-debian1-2.4+deb8u7ELA-329-1
jaspersource(unstable)(unfixed)low

Notes

[jessie] - jasper <postponed> (can be fixed later)
https://github.com/mdadams/jasper/issues/188
[wheezy] - jasper <postponed> (can be fixed later)

Search for package or bug name: Reporting problems