{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"jasper-1.900.14-3.1 on GA media","title":"Title of the patch"},{"category":"description","text":"These are all security issues fixed in the jasper-1.900.14-3.1 package on the GA media of openSUSE Tumbleweed.","title":"Description of the patch"},{"category":"details","text":"openSUSE-Tumbleweed-2024-10281","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10281-1.json"},{"category":"self","summary":"SUSE CVE CVE-2008-3522 page","url":"https://www.suse.com/security/cve/CVE-2008-3522/"},{"category":"self","summary":"SUSE CVE CVE-2011-4516 page","url":"https://www.suse.com/security/cve/CVE-2011-4516/"},{"category":"self","summary":"SUSE CVE CVE-2011-4517 page","url":"https://www.suse.com/security/cve/CVE-2011-4517/"},{"category":"self","summary":"SUSE CVE CVE-2014-8137 page","url":"https://www.suse.com/security/cve/CVE-2014-8137/"},{"category":"self","summary":"SUSE CVE CVE-2014-8138 page","url":"https://www.suse.com/security/cve/CVE-2014-8138/"},{"category":"self","summary":"SUSE CVE CVE-2014-8157 page","url":"https://www.suse.com/security/cve/CVE-2014-8157/"},{"category":"self","summary":"SUSE CVE CVE-2014-8158 page","url":"https://www.suse.com/security/cve/CVE-2014-8158/"},{"category":"self","summary":"SUSE CVE CVE-2014-9029 page","url":"https://www.suse.com/security/cve/CVE-2014-9029/"},{"category":"self","summary":"SUSE CVE CVE-2015-5203 page","url":"https://www.suse.com/security/cve/CVE-2015-5203/"},{"category":"self","summary":"SUSE CVE CVE-2015-5221 page","url":"https://www.suse.com/security/cve/CVE-2015-5221/"},{"category":"self","summary":"SUSE CVE CVE-2016-1577 page","url":"https://www.suse.com/security/cve/CVE-2016-1577/"},{"category":"self","summary":"SUSE CVE CVE-2016-1867 page","url":"https://www.suse.com/security/cve/CVE-2016-1867/"},{"category":"self","summary":"SUSE CVE CVE-2016-2089 page","url":"https://www.suse.com/security/cve/CVE-2016-2089/"},{"category":"self","summary":"SUSE CVE CVE-2016-2116 page","url":"https://www.suse.com/security/cve/CVE-2016-2116/"},{"category":"self","summary":"SUSE CVE CVE-2016-8654 page","url":"https://www.suse.com/security/cve/CVE-2016-8654/"},{"category":"self","summary":"SUSE CVE CVE-2016-8690 page","url":"https://www.suse.com/security/cve/CVE-2016-8690/"},{"category":"self","summary":"SUSE CVE CVE-2016-8691 page","url":"https://www.suse.com/security/cve/CVE-2016-8691/"},{"category":"self","summary":"SUSE CVE CVE-2016-8692 page","url":"https://www.suse.com/security/cve/CVE-2016-8692/"},{"category":"self","summary":"SUSE CVE CVE-2016-8693 page","url":"https://www.suse.com/security/cve/CVE-2016-8693/"},{"category":"self","summary":"SUSE CVE CVE-2016-8880 page","url":"https://www.suse.com/security/cve/CVE-2016-8880/"},{"category":"self","summary":"SUSE CVE CVE-2016-8881 page","url":"https://www.suse.com/security/cve/CVE-2016-8881/"},{"category":"self","summary":"SUSE CVE CVE-2016-8882 page","url":"https://www.suse.com/security/cve/CVE-2016-8882/"},{"category":"self","summary":"SUSE CVE CVE-2016-8883 page","url":"https://www.suse.com/security/cve/CVE-2016-8883/"},{"category":"self","summary":"SUSE CVE CVE-2016-8884 page","url":"https://www.suse.com/security/cve/CVE-2016-8884/"},{"category":"self","summary":"SUSE CVE CVE-2016-8885 page","url":"https://www.suse.com/security/cve/CVE-2016-8885/"},{"category":"self","summary":"SUSE CVE CVE-2016-8886 page","url":"https://www.suse.com/security/cve/CVE-2016-8886/"},{"category":"self","summary":"SUSE CVE CVE-2016-8887 page","url":"https://www.suse.com/security/cve/CVE-2016-8887/"},{"category":"self","summary":"SUSE CVE CVE-2016-9395 page","url":"https://www.suse.com/security/cve/CVE-2016-9395/"},{"category":"self","summary":"SUSE CVE CVE-2016-9398 page","url":"https://www.suse.com/security/cve/CVE-2016-9398/"},{"category":"self","summary":"SUSE CVE CVE-2016-9560 page","url":"https://www.suse.com/security/cve/CVE-2016-9560/"}],"title":"jasper-1.900.14-3.1 on GA media","tracking":{"current_release_date":"2024-06-15T00:00:00Z","generator":{"date":"2024-06-15T00:00:00Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2024:10281-1","initial_release_date":"2024-06-15T00:00:00Z","revision_history":[{"date":"2024-06-15T00:00:00Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"jasper-1.900.14-3.1.aarch64","product":{"name":"jasper-1.900.14-3.1.aarch64","product_id":"jasper-1.900.14-3.1.aarch64"}},{"category":"product_version","name":"libjasper-devel-1.900.14-3.1.aarch64","product":{"name":"libjasper-devel-1.900.14-3.1.aarch64","product_id":"libjasper-devel-1.900.14-3.1.aarch64"}},{"category":"product_version","name":"libjasper1-1.900.14-3.1.aarch64","product":{"name":"libjasper1-1.900.14-3.1.aarch64","product_id":"libjasper1-1.900.14-3.1.aarch64"}},{"category":"product_version","name":"libjasper1-32bit-1.900.14-3.1.aarch64","product":{"name":"libjasper1-32bit-1.900.14-3.1.aarch64","product_id":"libjasper1-32bit-1.900.14-3.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"jasper-1.900.14-3.1.ppc64le","product":{"name":"jasper-1.900.14-3.1.ppc64le","product_id":"jasper-1.900.14-3.1.ppc64le"}},{"category":"product_version","name":"libjasper-devel-1.900.14-3.1.ppc64le","product":{"name":"libjasper-devel-1.900.14-3.1.ppc64le","product_id":"libjasper-devel-1.900.14-3.1.ppc64le"}},{"category":"product_version","name":"libjasper1-1.900.14-3.1.ppc64le","product":{"name":"libjasper1-1.900.14-3.1.ppc64le","product_id":"libjasper1-1.900.14-3.1.ppc64le"}},{"category":"product_version","name":"libjasper1-32bit-1.900.14-3.1.ppc64le","product":{"name":"libjasper1-32bit-1.900.14-3.1.ppc64le","product_id":"libjasper1-32bit-1.900.14-3.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"jasper-1.900.14-3.1.s390x","product":{"name":"jasper-1.900.14-3.1.s390x","product_id":"jasper-1.900.14-3.1.s390x"}},{"category":"product_version","name":"libjasper-devel-1.900.14-3.1.s390x","product":{"name":"libjasper-devel-1.900.14-3.1.s390x","product_id":"libjasper-devel-1.900.14-3.1.s390x"}},{"category":"product_version","name":"libjasper1-1.900.14-3.1.s390x","product":{"name":"libjasper1-1.900.14-3.1.s390x","product_id":"libjasper1-1.900.14-3.1.s390x"}},{"category":"product_version","name":"libjasper1-32bit-1.900.14-3.1.s390x","product":{"name":"libjasper1-32bit-1.900.14-3.1.s390x","product_id":"libjasper1-32bit-1.900.14-3.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"jasper-1.900.14-3.1.x86_64","product":{"name":"jasper-1.900.14-3.1.x86_64","product_id":"jasper-1.900.14-3.1.x86_64"}},{"category":"product_version","name":"libjasper-devel-1.900.14-3.1.x86_64","product":{"name":"libjasper-devel-1.900.14-3.1.x86_64","product_id":"libjasper-devel-1.900.14-3.1.x86_64"}},{"category":"product_version","name":"libjasper1-1.900.14-3.1.x86_64","product":{"name":"libjasper1-1.900.14-3.1.x86_64","product_id":"libjasper1-1.900.14-3.1.x86_64"}},{"category":"product_version","name":"libjasper1-32bit-1.900.14-3.1.x86_64","product":{"name":"libjasper1-32bit-1.900.14-3.1.x86_64","product_id":"libjasper1-32bit-1.900.14-3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"jasper-1.900.14-3.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64"},"product_reference":"jasper-1.900.14-3.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"jasper-1.900.14-3.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le"},"product_reference":"jasper-1.900.14-3.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"jasper-1.900.14-3.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x"},"product_reference":"jasper-1.900.14-3.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"jasper-1.900.14-3.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64"},"product_reference":"jasper-1.900.14-3.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper-devel-1.900.14-3.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64"},"product_reference":"libjasper-devel-1.900.14-3.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper-devel-1.900.14-3.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le"},"product_reference":"libjasper-devel-1.900.14-3.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper-devel-1.900.14-3.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x"},"product_reference":"libjasper-devel-1.900.14-3.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper-devel-1.900.14-3.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64"},"product_reference":"libjasper-devel-1.900.14-3.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-1.900.14-3.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64"},"product_reference":"libjasper1-1.900.14-3.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-1.900.14-3.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le"},"product_reference":"libjasper1-1.900.14-3.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-1.900.14-3.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x"},"product_reference":"libjasper1-1.900.14-3.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-1.900.14-3.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64"},"product_reference":"libjasper1-1.900.14-3.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-32bit-1.900.14-3.1.aarch64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64"},"product_reference":"libjasper1-32bit-1.900.14-3.1.aarch64","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-32bit-1.900.14-3.1.ppc64le as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le"},"product_reference":"libjasper1-32bit-1.900.14-3.1.ppc64le","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-32bit-1.900.14-3.1.s390x as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x"},"product_reference":"libjasper1-32bit-1.900.14-3.1.s390x","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libjasper1-32bit-1.900.14-3.1.x86_64 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"},"product_reference":"libjasper1-32bit-1.900.14-3.1.x86_64","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2008-3522","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2008-3522"}],"notes":[{"category":"general","text":"Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2008-3522","url":"https://www.suse.com/security/cve/CVE-2008-3522"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2008-3522","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 392410 for CVE-2008-3522","url":"https://bugzilla.suse.com/392410"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2008-3522"},{"cve":"CVE-2011-4516","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2011-4516"}],"notes":[{"category":"general","text":"Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2011-4516","url":"https://www.suse.com/security/cve/CVE-2011-4516"},{"category":"external","summary":"SUSE Bug 1006591 for CVE-2011-4516","url":"https://bugzilla.suse.com/1006591"},{"category":"external","summary":"SUSE Bug 725758 for CVE-2011-4516","url":"https://bugzilla.suse.com/725758"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2011-4516"},{"cve":"CVE-2011-4517","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2011-4517"}],"notes":[{"category":"general","text":"The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2011-4517","url":"https://www.suse.com/security/cve/CVE-2011-4517"},{"category":"external","summary":"SUSE Bug 1006593 for CVE-2011-4517","url":"https://bugzilla.suse.com/1006593"},{"category":"external","summary":"SUSE Bug 725758 for CVE-2011-4517","url":"https://bugzilla.suse.com/725758"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2011-4517"},{"cve":"CVE-2014-8137","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-8137"}],"notes":[{"category":"general","text":"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-8137","url":"https://www.suse.com/security/cve/CVE-2014-8137"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2014-8137","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 909474 for CVE-2014-8137","url":"https://bugzilla.suse.com/909474"},{"category":"external","summary":"SUSE Bug 909475 for CVE-2014-8137","url":"https://bugzilla.suse.com/909475"},{"category":"external","summary":"SUSE Bug 911837 for CVE-2014-8137","url":"https://bugzilla.suse.com/911837"},{"category":"external","summary":"SUSE Bug 968373 for CVE-2014-8137","url":"https://bugzilla.suse.com/968373"},{"category":"external","summary":"SUSE Bug 969776 for CVE-2014-8137","url":"https://bugzilla.suse.com/969776"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2014-8137"},{"cve":"CVE-2014-8138","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-8138"}],"notes":[{"category":"general","text":"Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-8138","url":"https://www.suse.com/security/cve/CVE-2014-8138"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2014-8138","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 909474 for CVE-2014-8138","url":"https://bugzilla.suse.com/909474"},{"category":"external","summary":"SUSE Bug 909475 for CVE-2014-8138","url":"https://bugzilla.suse.com/909475"},{"category":"external","summary":"SUSE Bug 911837 for CVE-2014-8138","url":"https://bugzilla.suse.com/911837"},{"category":"external","summary":"SUSE Bug 969776 for CVE-2014-8138","url":"https://bugzilla.suse.com/969776"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2014-8138"},{"cve":"CVE-2014-8157","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-8157"}],"notes":[{"category":"general","text":"Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-8157","url":"https://www.suse.com/security/cve/CVE-2014-8157"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2014-8157","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 911837 for CVE-2014-8157","url":"https://bugzilla.suse.com/911837"},{"category":"external","summary":"SUSE Bug 969776 for CVE-2014-8157","url":"https://bugzilla.suse.com/969776"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2014-8157"},{"cve":"CVE-2014-8158","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-8158"}],"notes":[{"category":"general","text":"Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-8158","url":"https://www.suse.com/security/cve/CVE-2014-8158"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2014-8158","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 911837 for CVE-2014-8158","url":"https://bugzilla.suse.com/911837"},{"category":"external","summary":"SUSE Bug 969776 for CVE-2014-8158","url":"https://bugzilla.suse.com/969776"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2014-8158"},{"cve":"CVE-2014-9029","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-9029"}],"notes":[{"category":"general","text":"Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-9029","url":"https://www.suse.com/security/cve/CVE-2014-9029"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2014-9029","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 906364 for CVE-2014-9029","url":"https://bugzilla.suse.com/906364"},{"category":"external","summary":"SUSE Bug 909474 for CVE-2014-9029","url":"https://bugzilla.suse.com/909474"},{"category":"external","summary":"SUSE Bug 992991 for CVE-2014-9029","url":"https://bugzilla.suse.com/992991"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2014-9029"},{"cve":"CVE-2015-5203","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5203"}],"notes":[{"category":"general","text":"Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5203","url":"https://www.suse.com/security/cve/CVE-2015-5203"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2015-5203","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 941919 for CVE-2015-5203","url":"https://bugzilla.suse.com/941919"},{"category":"external","summary":"SUSE Bug 942553 for CVE-2015-5203","url":"https://bugzilla.suse.com/942553"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2015-5203"},{"cve":"CVE-2015-5221","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5221"}],"notes":[{"category":"general","text":"Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5221","url":"https://www.suse.com/security/cve/CVE-2015-5221"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2015-5221","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 942553 for CVE-2015-5221","url":"https://bugzilla.suse.com/942553"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2015-5221"},{"cve":"CVE-2016-1577","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-1577"}],"notes":[{"category":"general","text":"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-1577","url":"https://www.suse.com/security/cve/CVE-2016-1577"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-1577","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 968373 for CVE-2016-1577","url":"https://bugzilla.suse.com/968373"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2016-1577"},{"cve":"CVE-2016-1867","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-1867"}],"notes":[{"category":"general","text":"The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-1867","url":"https://www.suse.com/security/cve/CVE-2016-1867"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-1867","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 961886 for CVE-2016-1867","url":"https://bugzilla.suse.com/961886"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-1867"},{"cve":"CVE-2016-2089","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-2089"}],"notes":[{"category":"general","text":"The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-2089","url":"https://www.suse.com/security/cve/CVE-2016-2089"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-2089","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 963983 for CVE-2016-2089","url":"https://bugzilla.suse.com/963983"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-2089"},{"cve":"CVE-2016-2116","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-2116"}],"notes":[{"category":"general","text":"Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-2116","url":"https://www.suse.com/security/cve/CVE-2016-2116"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-2116","url":"https://bugzilla.suse.com/1178702"},{"category":"external","summary":"SUSE Bug 968373 for CVE-2016-2116","url":"https://bugzilla.suse.com/968373"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-2116"},{"cve":"CVE-2016-8654","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8654"}],"notes":[{"category":"general","text":"A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8654","url":"https://www.suse.com/security/cve/CVE-2016-8654"},{"category":"external","summary":"SUSE Bug 1012530 for CVE-2016-8654","url":"https://bugzilla.suse.com/1012530"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8654","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2016-8654"},{"cve":"CVE-2016-8690","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8690"}],"notes":[{"category":"general","text":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8690","url":"https://www.suse.com/security/cve/CVE-2016-8690"},{"category":"external","summary":"SUSE Bug 1005084 for CVE-2016-8690","url":"https://bugzilla.suse.com/1005084"},{"category":"external","summary":"SUSE Bug 1007009 for CVE-2016-8690","url":"https://bugzilla.suse.com/1007009"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8690","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8690"},{"cve":"CVE-2016-8691","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8691"}],"notes":[{"category":"general","text":"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8691","url":"https://www.suse.com/security/cve/CVE-2016-8691"},{"category":"external","summary":"SUSE Bug 1005090 for CVE-2016-8691","url":"https://bugzilla.suse.com/1005090"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8691","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8691"},{"cve":"CVE-2016-8692","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8692"}],"notes":[{"category":"general","text":"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8692","url":"https://www.suse.com/security/cve/CVE-2016-8692"},{"category":"external","summary":"SUSE Bug 1005090 for CVE-2016-8692","url":"https://bugzilla.suse.com/1005090"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8692","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8692"},{"cve":"CVE-2016-8693","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8693"}],"notes":[{"category":"general","text":"Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8693","url":"https://www.suse.com/security/cve/CVE-2016-8693"},{"category":"external","summary":"SUSE Bug 1005242 for CVE-2016-8693","url":"https://bugzilla.suse.com/1005242"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8693","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8693"},{"cve":"CVE-2016-8880","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8880"}],"notes":[{"category":"general","text":"DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8880","url":"https://www.suse.com/security/cve/CVE-2016-8880"},{"category":"external","summary":"SUSE Bug 1006591 for CVE-2016-8880","url":"https://bugzilla.suse.com/1006591"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8880","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8880"},{"cve":"CVE-2016-8881","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8881"}],"notes":[{"category":"general","text":"DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8881","url":"https://www.suse.com/security/cve/CVE-2016-8881"},{"category":"external","summary":"SUSE Bug 1006593 for CVE-2016-8881","url":"https://bugzilla.suse.com/1006593"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8881","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8881"},{"cve":"CVE-2016-8882","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8882"}],"notes":[{"category":"general","text":"The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8882","url":"https://www.suse.com/security/cve/CVE-2016-8882"},{"category":"external","summary":"SUSE Bug 1006597 for CVE-2016-8882","url":"https://bugzilla.suse.com/1006597"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8882","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8882"},{"cve":"CVE-2016-8883","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8883"}],"notes":[{"category":"general","text":"The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8883","url":"https://www.suse.com/security/cve/CVE-2016-8883"},{"category":"external","summary":"SUSE Bug 1006598 for CVE-2016-8883","url":"https://bugzilla.suse.com/1006598"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8883","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-8883"},{"cve":"CVE-2016-8884","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8884"}],"notes":[{"category":"general","text":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8884","url":"https://www.suse.com/security/cve/CVE-2016-8884"},{"category":"external","summary":"SUSE Bug 1005084 for CVE-2016-8884","url":"https://bugzilla.suse.com/1005084"},{"category":"external","summary":"SUSE Bug 1007009 for CVE-2016-8884","url":"https://bugzilla.suse.com/1007009"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8884","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"low"}],"title":"CVE-2016-8884"},{"cve":"CVE-2016-8885","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8885"}],"notes":[{"category":"general","text":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8885","url":"https://www.suse.com/security/cve/CVE-2016-8885"},{"category":"external","summary":"SUSE Bug 1005084 for CVE-2016-8885","url":"https://bugzilla.suse.com/1005084"},{"category":"external","summary":"SUSE Bug 1007009 for CVE-2016-8885","url":"https://bugzilla.suse.com/1007009"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8885","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"low"}],"title":"CVE-2016-8885"},{"cve":"CVE-2016-8886","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8886"}],"notes":[{"category":"general","text":"The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8886","url":"https://www.suse.com/security/cve/CVE-2016-8886"},{"category":"external","summary":"SUSE Bug 1006599 for CVE-2016-8886","url":"https://bugzilla.suse.com/1006599"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8886","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"low"}],"title":"CVE-2016-8886"},{"cve":"CVE-2016-8887","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8887"}],"notes":[{"category":"general","text":"The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8887","url":"https://www.suse.com/security/cve/CVE-2016-8887"},{"category":"external","summary":"SUSE Bug 1006836 for CVE-2016-8887","url":"https://bugzilla.suse.com/1006836"},{"category":"external","summary":"SUSE Bug 1006839 for CVE-2016-8887","url":"https://bugzilla.suse.com/1006839"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-8887","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"low"}],"title":"CVE-2016-8887"},{"cve":"CVE-2016-9395","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9395"}],"notes":[{"category":"general","text":"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9395","url":"https://www.suse.com/security/cve/CVE-2016-9395"},{"category":"external","summary":"SUSE Bug 1010977 for CVE-2016-9395","url":"https://bugzilla.suse.com/1010977"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-9395","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-9395"},{"cve":"CVE-2016-9398","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9398"}],"notes":[{"category":"general","text":"The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9398","url":"https://www.suse.com/security/cve/CVE-2016-9398"},{"category":"external","summary":"SUSE Bug 1010979 for CVE-2016-9398","url":"https://bugzilla.suse.com/1010979"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-9398","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"moderate"}],"title":"CVE-2016-9398"},{"cve":"CVE-2016-9560","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9560"}],"notes":[{"category":"general","text":"Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9560","url":"https://www.suse.com/security/cve/CVE-2016-9560"},{"category":"external","summary":"SUSE Bug 1011830 for CVE-2016-9560","url":"https://bugzilla.suse.com/1011830"},{"category":"external","summary":"SUSE Bug 1178702 for CVE-2016-9560","url":"https://bugzilla.suse.com/1178702"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Tumbleweed:jasper-1.900.14-3.1.aarch64","openSUSE Tumbleweed:jasper-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:jasper-1.900.14-3.1.s390x","openSUSE Tumbleweed:jasper-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-1.900.14-3.1.x86_64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.aarch64","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.ppc64le","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.s390x","openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-06-15T00:00:00Z","details":"important"}],"title":"CVE-2016-9560"}]}