exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2007-2721

Status Candidate

Overview

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

Related Files

Debian Linux Security Advisory 2036-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2036-1 - It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-2721
SHA-256 | cf5a0bb145b9c1b0113f2ecb2ccee344d98505ef365970176e918e35139cb418
Mandriva Linux Security Advisory 2009-142
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities has been identified and fixed in jasper. The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file. Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary, local, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | bb011ce7611d59bfda01a973ade80c606450b41a47cc876e66e2bab18cf98dc6
Mandriva Linux Security Advisory 2009-164
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-164 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | fbcfb12e4936b56d1c5970de9f62efc23910b68cde27f78e2bbb884450d097ca
Mandriva Linux Security Advisory 2009-142
Posted Jun 26, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | b920991474e725876f9cb28ec9f67c5880d98861c674fd23c25eec1f1ac63adc
Mandriva Linux Security Advisory 2007.209
Posted Nov 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. netpbm contains an embedded copy of libjasper and as such is vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-2721
SHA-256 | 19c3df195e84a6820651f344e1ec958724f84edcd8efea41d94128ac53a6095c
Mandriva Linux Security Advisory 2007.208
Posted Nov 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. Newer versions of ghostscript contain an embedded copy of libjasper and as such is vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-2721
SHA-256 | f0ea1e0d11da10e98ce692e6d6695ee62c67d00cec585f503476fc3e983a3693
Ubuntu Security Notice 501-2
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 501-2 - USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-2721
SHA-256 | 11388cfcc387fd482c29011d81aaefee39a8deafdc25825cb291c70ebbc6aebc
Ubuntu Security Notice 501-1
Posted Aug 21, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 501-1 - It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-2721
SHA-256 | 8af14802821ef49f14b75525d01d7f1a7f1e1ff5e060972b247e749fbca9f1f2
Mandriva Linux Security Advisory 2007.129
Posted Jun 21, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-2721
SHA-256 | 49e35eea195f9ef8ba10b6f706e71bf6d035c1334146bf2abb1b501007b5e26f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close