rpm package

suse/jasper&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (27)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-9399	Hig	7.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 23, 2017	The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9398	Hig	7.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 23, 2017	The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9397	Hig	7.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 23, 2017	The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-5505	Med	5.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 16, 2017	The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-5504	Med	5.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 1, 2017	The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-5503	Med	5.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 1, 2017	The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-5499	Med	5.5	< 1.900.14-195.22.1	1.900.14-195.22.1	Mar 1, 2017	Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVE-2016-9399HigMar 23, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9398HigMar 23, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9397HigMar 23, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2017-5505MedMar 16, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-5504MedMar 1, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
CVE-2017-5503MedMar 1, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-5499MedMar 1, 2017
affected < 1.900.14-195.22.1fixed 1.900.14-195.22.1
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

Page 2 of 2