https://nvd.nist.gov/vuln/detail/CVE-2017-9782 "JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c."
CVE-2017-9782 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9782): JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
Not fixed in version 2.0.14 https://github.com/mdadams/jasper/issues/140
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c70fe723dcfe0fabab75f3a76942207018e83e1f commit c70fe723dcfe0fabab75f3a76942207018e83e1f Author: David Seifert <soap@gentoo.org> AuthorDate: 2019-07-14 10:29:20 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2019-07-14 10:29:20 +0000 package.mask: Last rite media-libs/jasper Bug: https://bugs.gentoo.org/601068 Bug: https://bugs.gentoo.org/614028 Bug: https://bugs.gentoo.org/614032 Bug: https://bugs.gentoo.org/614566 Bug: https://bugs.gentoo.org/619120 Bug: https://bugs.gentoo.org/624988 Bug: https://bugs.gentoo.org/629286 Bug: https://bugs.gentoo.org/635552 Bug: https://bugs.gentoo.org/662160 Bug: https://bugs.gentoo.org/674154 Bug: https://bugs.gentoo.org/674214 Bug: https://bugs.gentoo.org/684826 Bug: https://bugs.gentoo.org/689784 Signed-off-by: David Seifert <soap@gentoo.org> profiles/base/package.use.mask | 23 +++++++++++++++++++++++ profiles/package.mask | 7 +++++++ 2 files changed, 30 insertions(+)
This issue was resolved and addressed in GLSA 201908-03 at https://security.gentoo.org/glsa/201908-03 by GLSA coordinator Aaron Bauman (b-man).
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77aebdf0b31765b33831ca5b02ea3d98f13c46cd commit 77aebdf0b31765b33831ca5b02ea3d98f13c46cd Author: David Seifert <soap@gentoo.org> AuthorDate: 2019-08-27 09:07:01 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2019-08-27 09:07:01 +0000 media-libs/jasper: Remove from tree Bug: https://bugs.gentoo.org/674214 Closes: https://bugs.gentoo.org/601068 Closes: https://bugs.gentoo.org/614028 Closes: https://bugs.gentoo.org/614032 Closes: https://bugs.gentoo.org/614566 Closes: https://bugs.gentoo.org/619120 Closes: https://bugs.gentoo.org/624988 Closes: https://bugs.gentoo.org/629286 Closes: https://bugs.gentoo.org/635552 Closes: https://bugs.gentoo.org/662160 Closes: https://bugs.gentoo.org/674154 Closes: https://bugs.gentoo.org/684826 Closes: https://bugs.gentoo.org/689784 Package-Manager: Portage-2.3.72, Repoman-2.3.17 Signed-off-by: David Seifert <soap@gentoo.org> media-libs/jasper/Manifest | 2 - .../files/jasper-2.0.14-fix-test-suite.patch | 28 --------- media-libs/jasper/jasper-2.0.14.ebuild | 67 ---------------------- media-libs/jasper/jasper-2.0.16.ebuild | 65 --------------------- media-libs/jasper/jasper-9999.ebuild | 65 --------------------- media-libs/jasper/metadata.xml | 11 ---- 6 files changed, 238 deletions(-)