Integer overflow in the jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
{ "binaries": [ { "binary_name": "libjasper-dev", "binary_version": "1.900.1-14ubuntu3.5" }, { "binary_name": "libjasper-runtime", "binary_version": "1.900.1-14ubuntu3.5" }, { "binary_name": "libjasper-runtime-dbgsym", "binary_version": "1.900.1-14ubuntu3.5" }, { "binary_name": "libjasper1", "binary_version": "1.900.1-14ubuntu3.5" }, { "binary_name": "libjasper1-dbgsym", "binary_version": "1.900.1-14ubuntu3.5" } ], "availability": "No subscription required", "ubuntu_priority": "negligible" }
{ "binaries": [ { "binary_name": "libjasper-dev", "binary_version": "1.900.1-debian1-2.4ubuntu1.2" }, { "binary_name": "libjasper-runtime", "binary_version": "1.900.1-debian1-2.4ubuntu1.2" }, { "binary_name": "libjasper-runtime-dbgsym", "binary_version": "1.900.1-debian1-2.4ubuntu1.2" }, { "binary_name": "libjasper1", "binary_version": "1.900.1-debian1-2.4ubuntu1.2" }, { "binary_name": "libjasper1-dbgsym", "binary_version": "1.900.1-debian1-2.4ubuntu1.2" } ], "availability": "No subscription required", "ubuntu_priority": "negligible" }