Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or potentially compromise an affected system. This issue is caused by an error in the "jpc_qcx_getcompparms()" [jpc/jpc_cs.c] function when processing malformed images, which could be exploited to crash an affected application or potentially execute arbitrary code.

Affected Products

Fedora Core 7

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/7/

d1ad33ddc37ab768ed6680048be8d6ff298c5193 jasper-debuginfo-1.900.1-2.fc7.ppc64.rpm
487a2d7359e9bda009d1cb90e12d9a94b4bb8455 jasper-devel-1.900.1-2.fc7.ppc64.rpm
b848fcedda02f79acc2ad2a50d058ee43a274651 jasper-1.900.1-2.fc7.ppc64.rpm
3efe94050c58f766413f0c8981e33d9b49ed7a83 jasper-devel-1.900.1-2.fc7.i386.rpm
7dbffd09354793d414153b58525d50edc63efe9f jasper-1.900.1-2.fc7.i386.rpm
8800f678c0f0e59617b5406026f9ea024c74d59a jasper-debuginfo-1.900.1-2.fc7.i386.rpm
e062a97af5434d7f6fdc43ae78468b810e79363a jasper-debuginfo-1.900.1-2.fc7.x86_64.rpm
661da74b51d29d66f1aa9e7a0cab5e9d00e387f2 jasper-devel-1.900.1-2.fc7.x86_64.rpm
28b3c4972e4fe4ff559508f275baf44afa737fe3 jasper-1.900.1-2.fc7.x86_64.rpm
2fd896cac056c8213ccc8316645357bfbe31fefa jasper-debuginfo-1.900.1-2.fc7.ppc.rpm
379381c938132c783da4f20fd32fcd67d6c02f81 jasper-1.900.1-2.fc7.ppc.rpm
24c1f280a11268e0297a2440898bf5e4637dfcea jasper-devel-1.900.1-2.fc7.ppc.rpm
b51f9c6f957de49b24964c90f3da385d6379164a jasper-1.900.1-2.fc7.src.rpm

References

http://www.vupen.com/english/advisories/2007/2030
https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00077.html

ChangeLog

2007-06-04 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.