user/jasper: multiple vulnerabilities
Bugzilla ID | 253 |
Alias(es) | CVE-2016-9398, CVE-2016-9399, CVE-2017-13746, CVE-2017-13748, CVE-2017-13750, CVE-2017-13751, CVE-2017-14132, CVE-2017-14232, CVE-2017-5499, CVE-2017-5503, CVE-2017-5504, CVE-2017-5505, CVE-2017-6851, CVE-2017-9782, CVE-2018-18873, CVE-2018-19139, CVE-2018-19540, CVE-2018-19541, CVE-2018-19543, CVE-2018-20570, CVE-2018-20622, CVE-2018-9055, CVE-2018-9154, CVE-2018-9252 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-04-03 14:18:15 -0500 |
Modified | 2020-10-30 22:37:34 -0500 |
Status | IN_PROGRESS |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/jasper |
URL | https://nvd.nist.gov/vuln/detail/CVE-2017-14232 |
Description
The read_chunk function in flif-dec.cpp in Free Lossless Image Format
(FLIF) 0.3 allows remote attackers to cause a denial of service
(invalid memory read and application crash) via a crafted flif file.