USN-2919-1 JasPer vulnerabilities
Severity
Medium
Vendor
Ubuntu, JasPer
Versions Affected
- Ubuntu 14.04 LTS
Description
Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577)
Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. (CVE-2016-2116)
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry rootfs prior to 1.41.0
- All versions of Pivotal Elastic Runtime
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.41.0 and higher
- Upgrade Pivotal Elastic Runtime 1.5.x versions to 1.5.18 or later OR 1.6.x versions to 1.6.19 or later
Credit
Jacob Baines, Tyler Hicks