what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2008-3522

Status Candidate

Overview

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

Related Files

Slackware Security Advisory - jasper Updates
Posted Oct 30, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2011-4516, CVE-2011-4517, CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
SHA-256 | 3c4a3a5cf1e480feed4b9092b1aa939f9e0eaf1cd0b6da12b95876f269e7e405
Red Hat Security Advisory 2015-0698-01
Posted Mar 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0698-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat, windows
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2011-4516, CVE-2011-4517, CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
SHA-256 | 68a43a747ec94c539289d4690fe6d0f323e73e13ebc4e27e63b022686014f904
Ubuntu Security Notice USN-1317-1
Posted Jan 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1317-1 - It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2009-3743, CVE-2010-4054, CVE-2011-4516, CVE-2011-4517
SHA-256 | 1fcf7293472e791a0923b72c104ac27add330ec563ccfa26ed3174c631ebbd57
Debian Linux Security Advisory 2080-1
Posted Aug 3, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2080-1 - Several security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or Postscript file.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-6725, CVE-2008-3522, CVE-2008-6679, CVE-2009-0196, CVE-2009-0792, CVE-2009-4270, CVE-2010-1869
SHA-256 | e4041acaa31e18f427619f7fda91a9bb056b0d4e044eec876f34876cc862fced
Mandriva Linux Security Advisory 2009-317
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-317 - Multiple security vulnerabilities has been identified and fixed Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2008-4799
SHA-256 | baa80d8442db814e48275e8f9a82bf6ae94f1973a66428643331d63e0b57da68
Mandriva Linux Security Advisory 2009-311
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-311 - Multiple security vulnerabilities has been identified and fixed in ghostscript.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-6725, CVE-2008-3520, CVE-2008-3522, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792
SHA-256 | 7d620b4793a61a790bea974d9d2e7ae93d719f604dcaef5d8714471748e8c774
Mandriva Linux Security Advisory 2009-142
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities has been identified and fixed in jasper. The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file. Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary, local, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | bb011ce7611d59bfda01a973ade80c606450b41a47cc876e66e2bab18cf98dc6
Mandriva Linux Security Advisory 2009-165
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-165 - Multiple security vulnerabilities have been identified and fixed in ghostscript.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522
SHA-256 | 5cf24eebbe56a194ea9cc2bb03c4bd19320dac24d63dee63d41a6250ab218361
Mandriva Linux Security Advisory 2009-164
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-164 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | fbcfb12e4936b56d1c5970de9f62efc23910b68cde27f78e2bbb884450d097ca
Mandriva Linux Security Advisory 2009-144
Posted Jun 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-144 - Multiple security vulnerabilities has been identified and fixed in ghostscript. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522
SHA-256 | a61cd6517359627eca577c640766aa444bd2aa82cf7fb95668bc1460faace6d6
Mandriva Linux Security Advisory 2009-143
Posted Jun 26, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-143 - Multiple security vulnerabilities has been identified and fixed in netpbm. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522
SHA-256 | b81ea8edb865aa9d27f8415798b828cc20746cd83801b09dfc80cc4527f2804a
Mandriva Linux Security Advisory 2009-142
Posted Jun 26, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-142 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | b920991474e725876f9cb28ec9f67c5880d98861c674fd23c25eec1f1ac63adc
Ubuntu Security Notice 742-1
Posted Mar 20, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-742-1 - It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. It was discovered that JasPer created temporary files in an insecure way. Local users could exploit a race condition and cause a denial of service in libjasper applications. It was discovered that JasPer did not correctly handle certain formatting operations. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | ceccfd6fef2b3c020e4997d4f5e70f5339b859709880e7609d97a4b9af7869b4
Gentoo Linux Security Advisory 200812-18
Posted Dec 16, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-18 - Multiple memory management errors in JasPer might lead to execution of arbitrary code via jpeg2k files. Versions less than 1.900.1-r3 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2008-3520, CVE-2008-3522
SHA-256 | 4d57aebd7f1e7f3c83b382b57ad902e73ac27115f7b4c7d96b63d1bae4385111
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close