Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в библиотеке Jasper
Опубликовано:20 марта 2009 г.
Источник:
SecurityVulns ID:9759
Тип:библиотека
Уровень опасности:
5/10
Описание:Целочисленные переполнения при обработке JPEG2000, ошибка форматной строки, проблема символьных линков.
Затронутые продукты:JASPER : JasPer 1.900
CVE:CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.)
 CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.)
 CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.)
Оригинальный текстdocumentUBUNTU, [USN-742-1] JasPer vulnerabilities (20.03.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород