jasper-1.900.14-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10281 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z jasper-1.900.14-3.1 on GA media These are all security issues fixed in the jasper-1.900.14-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10281 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10281 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-3522/ SUSE CVE CVE-2008-3522 page https://www.suse.com/security/cve/CVE-2011-4516/ SUSE CVE CVE-2011-4516 page https://www.suse.com/security/cve/CVE-2011-4517/ SUSE CVE CVE-2011-4517 page https://www.suse.com/security/cve/CVE-2014-8137/ SUSE CVE CVE-2014-8137 page https://www.suse.com/security/cve/CVE-2014-8138/ SUSE CVE CVE-2014-8138 page https://www.suse.com/security/cve/CVE-2014-8157/ SUSE CVE CVE-2014-8157 page https://www.suse.com/security/cve/CVE-2014-8158/ SUSE CVE CVE-2014-8158 page https://www.suse.com/security/cve/CVE-2014-9029/ SUSE CVE CVE-2014-9029 page https://www.suse.com/security/cve/CVE-2015-5203/ SUSE CVE CVE-2015-5203 page https://www.suse.com/security/cve/CVE-2015-5221/ SUSE CVE CVE-2015-5221 page https://www.suse.com/security/cve/CVE-2016-1577/ SUSE CVE CVE-2016-1577 page https://www.suse.com/security/cve/CVE-2016-1867/ SUSE CVE CVE-2016-1867 page https://www.suse.com/security/cve/CVE-2016-2089/ SUSE CVE CVE-2016-2089 page https://www.suse.com/security/cve/CVE-2016-2116/ SUSE CVE CVE-2016-2116 page https://www.suse.com/security/cve/CVE-2016-8654/ SUSE CVE CVE-2016-8654 page https://www.suse.com/security/cve/CVE-2016-8690/ SUSE CVE CVE-2016-8690 page https://www.suse.com/security/cve/CVE-2016-8691/ SUSE CVE CVE-2016-8691 page https://www.suse.com/security/cve/CVE-2016-8692/ SUSE CVE CVE-2016-8692 page https://www.suse.com/security/cve/CVE-2016-8693/ SUSE CVE CVE-2016-8693 page https://www.suse.com/security/cve/CVE-2016-8880/ SUSE CVE CVE-2016-8880 page https://www.suse.com/security/cve/CVE-2016-8881/ SUSE CVE CVE-2016-8881 page https://www.suse.com/security/cve/CVE-2016-8882/ SUSE CVE CVE-2016-8882 page https://www.suse.com/security/cve/CVE-2016-8883/ SUSE CVE CVE-2016-8883 page https://www.suse.com/security/cve/CVE-2016-8884/ SUSE CVE CVE-2016-8884 page https://www.suse.com/security/cve/CVE-2016-8885/ SUSE CVE CVE-2016-8885 page https://www.suse.com/security/cve/CVE-2016-8886/ SUSE CVE CVE-2016-8886 page https://www.suse.com/security/cve/CVE-2016-8887/ SUSE CVE CVE-2016-8887 page https://www.suse.com/security/cve/CVE-2016-9395/ SUSE CVE CVE-2016-9395 page https://www.suse.com/security/cve/CVE-2016-9398/ SUSE CVE CVE-2016-9398 page https://www.suse.com/security/cve/CVE-2016-9560/ SUSE CVE CVE-2016-9560 page openSUSE Tumbleweed jasper-1.900.14-3.1 libjasper-devel-1.900.14-3.1 libjasper1-1.900.14-3.1 libjasper1-32bit-1.900.14-3.1 jasper-1.900.14-3.1 as a component of openSUSE Tumbleweed libjasper-devel-1.900.14-3.1 as a component of openSUSE Tumbleweed libjasper1-1.900.14-3.1 as a component of openSUSE Tumbleweed libjasper1-32bit-1.900.14-3.1 as a component of openSUSE Tumbleweed Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. CVE-2008-3522 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-3522.html CVE-2008-3522 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/392410 SUSE Bug 392410 Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. CVE-2011-4516 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4516.html CVE-2011-4516 https://bugzilla.suse.com/1006591 SUSE Bug 1006591 https://bugzilla.suse.com/725758 SUSE Bug 725758 The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. CVE-2011-4517 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4517.html CVE-2011-4517 https://bugzilla.suse.com/1006593 SUSE Bug 1006593 https://bugzilla.suse.com/725758 SUSE Bug 725758 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. CVE-2014-8137 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8137.html CVE-2014-8137 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/909474 SUSE Bug 909474 https://bugzilla.suse.com/909475 SUSE Bug 909475 https://bugzilla.suse.com/911837 SUSE Bug 911837 https://bugzilla.suse.com/968373 SUSE Bug 968373 https://bugzilla.suse.com/969776 SUSE Bug 969776 Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. CVE-2014-8138 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8138.html CVE-2014-8138 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/909474 SUSE Bug 909474 https://bugzilla.suse.com/909475 SUSE Bug 909475 https://bugzilla.suse.com/911837 SUSE Bug 911837 https://bugzilla.suse.com/969776 SUSE Bug 969776 Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. CVE-2014-8157 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8157.html CVE-2014-8157 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/911837 SUSE Bug 911837 https://bugzilla.suse.com/969776 SUSE Bug 969776 Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. CVE-2014-8158 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8158.html CVE-2014-8158 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/911837 SUSE Bug 911837 https://bugzilla.suse.com/969776 SUSE Bug 969776 Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. CVE-2014-9029 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9029.html CVE-2014-9029 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/906364 SUSE Bug 906364 https://bugzilla.suse.com/909474 SUSE Bug 909474 https://bugzilla.suse.com/992991 SUSE Bug 992991 Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. CVE-2015-5203 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5203.html CVE-2015-5203 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/941919 SUSE Bug 941919 https://bugzilla.suse.com/942553 SUSE Bug 942553 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. CVE-2015-5221 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5221.html CVE-2015-5221 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/942553 SUSE Bug 942553 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. CVE-2016-1577 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1577.html CVE-2016-1577 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/968373 SUSE Bug 968373 The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. CVE-2016-1867 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1867.html CVE-2016-1867 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/961886 SUSE Bug 961886 The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. CVE-2016-2089 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2089.html CVE-2016-2089 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/963983 SUSE Bug 963983 Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. CVE-2016-2116 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2116.html CVE-2016-2116 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 https://bugzilla.suse.com/968373 SUSE Bug 968373 A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. CVE-2016-8654 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8654.html CVE-2016-8654 https://bugzilla.suse.com/1012530 SUSE Bug 1012530 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. CVE-2016-8690 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8690.html CVE-2016-8690 https://bugzilla.suse.com/1005084 SUSE Bug 1005084 https://bugzilla.suse.com/1007009 SUSE Bug 1007009 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. CVE-2016-8691 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8691.html CVE-2016-8691 https://bugzilla.suse.com/1005090 SUSE Bug 1005090 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. CVE-2016-8692 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8692.html CVE-2016-8692 https://bugzilla.suse.com/1005090 SUSE Bug 1005090 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. CVE-2016-8693 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8693.html CVE-2016-8693 https://bugzilla.suse.com/1005242 SUSE Bug 1005242 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-8880 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8880.html CVE-2016-8880 https://bugzilla.suse.com/1006591 SUSE Bug 1006591 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-8881 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8881.html CVE-2016-8881 https://bugzilla.suse.com/1006593 SUSE Bug 1006593 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. CVE-2016-8882 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8882.html CVE-2016-8882 https://bugzilla.suse.com/1006597 SUSE Bug 1006597 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. CVE-2016-8883 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8883.html CVE-2016-8883 https://bugzilla.suse.com/1006598 SUSE Bug 1006598 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. CVE-2016-8884 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8884.html CVE-2016-8884 https://bugzilla.suse.com/1005084 SUSE Bug 1005084 https://bugzilla.suse.com/1007009 SUSE Bug 1007009 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. CVE-2016-8885 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8885.html CVE-2016-8885 https://bugzilla.suse.com/1005084 SUSE Bug 1005084 https://bugzilla.suse.com/1007009 SUSE Bug 1007009 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. CVE-2016-8886 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8886.html CVE-2016-8886 https://bugzilla.suse.com/1006599 SUSE Bug 1006599 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). CVE-2016-8887 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8887.html CVE-2016-8887 https://bugzilla.suse.com/1006836 SUSE Bug 1006836 https://bugzilla.suse.com/1006839 SUSE Bug 1006839 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. CVE-2016-9395 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9395.html CVE-2016-9395 https://bugzilla.suse.com/1010977 SUSE Bug 1010977 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. CVE-2016-9398 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9398.html CVE-2016-9398 https://bugzilla.suse.com/1010979 SUSE Bug 1010979 https://bugzilla.suse.com/1178702 SUSE Bug 1178702 Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. CVE-2016-9560 openSUSE Tumbleweed:jasper-1.900.14-3.1 openSUSE Tumbleweed:libjasper-devel-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-1.900.14-3.1 openSUSE Tumbleweed:libjasper1-32bit-1.900.14-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9560.html CVE-2016-9560 https://bugzilla.suse.com/1011830 SUSE Bug 1011830 https://bugzilla.suse.com/1178702 SUSE Bug 1178702