CVE-2011-4516 — jasper - buffer overflows

Description

Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.

How to fix CVE-2011-4516

To remediate CVE-2011-4516, upgrade the affected package to a fixed version below.

Debian/ghostscript—upgrade to 8.64~dfsg-2 or later
Debian/jasper—upgrade to 1.900.1-7+squeeze1 or later

Is CVE-2011-4516 being exploited?

Moderate — EPSS is 47.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 8.64~dfsg-2
from 0, < 1.900.1-7+squeeze1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4516