Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397
Summary: CVE-2007-2721: jasper DoS, heap corruption
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: jasper
AssignedTo: rdieter@math.unl.edu
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2721
"The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert."
Appears to affect 1.900.1 too.
rdieter@math.unl.edu changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Status    |NEW       |ASSIGNED

------- Additional Comments From rdieter@math.unl.edu 2007-05-29 12:01 EST -------
%changelog
* Wed May 23 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-2
- CVE-2007-2721 (#240397)
Built most everywhere, except F7+, pending F7 release and update mechanism.
rdieter@math.unl.edu changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Status    |ASSIGNED  |CLOSED
Resolution|          |ERRATA

------- Additional Comments From rdieter@math.unl.edu 2007-05-30 23:35 EST -------
F7 security update requested.
Queued fixed FC-5, FC-6 builds as well, I was wrong before, had only done epel-4, epel-5 builds.
closing.
https://bugzilla.redhat.com/show_bug.cgi?id=240397
Tomas Hoger thoger@redhat.com changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Blocks    |          |346501
security@lists.fedoraproject.org