Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 571256 (CVE-2015-8751) - <media-libs/jasper-1.900.6: Integer overflow in jas_matrix_create()
Summary: <media-libs/jasper-1.900.6: Integer overflow in jas_matrix_create()
Alias: CVE-2015-8751
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Depends on:
Reported: 2016-01-08 08:17 UTC by Agostino Sarubbo
Modified: 2017-07-08 12:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-01-08 08:17:27 UTC
From ${URL} :

We find a vulnerability in the way JasPer's jas_matrix_create() function parsed certain JPEG 2000 
image files. 

jas_matrix_t *jas_matrix_create(int numrows, int numcols)

	if (matrix->maxrows_ > 0) {
		if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ *
		  sizeof(jas_seqent_t *)))) {


matrix->maxrows_ > 0 ,but matrix->maxrows_ *sizeof(jas_seqent_t *) can cause Integer overflow.

Reported by Qihoo 360 Codesafe Team


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2016-10-19 09:40:10 UTC
This is fixed in the latest jasper-1.900.6

We will stabilize it.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-04-30 19:54:29 UTC
New GLSA Request filed.

Arches and Maintainer(s), Thank you for your work.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-07-08 12:39:39 UTC
This issue was resolved and addressed in
 GLSA 201707-07 at
by GLSA coordinator Thomas Deutschmann (whissi).