jasper-1.900.1-33.0.2.el7.AXS7
エラータID: AXSA:2025-10995:02
リリース日:
2025/10/28 Tuesday - 09:48
題名:
jasper-1.900.1-33.0.2.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- JasPer には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-8837)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-8837
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- jasper-libs-1.900.1-33.0.2.el7.AXS7.i686.rpm
MD5: fdf7b97fa08c056739e4bb47a0025a19
SHA-256: 6425b654d0f6656ffbda65d705ba419f9925041914c0d2dd1dd007f00504e708
Size: 147.32 kB - jasper-libs-1.900.1-33.0.2.el7.AXS7.x86_64.rpm
MD5: 1daad8c6c936d3f12bae7d9f3a9c6471
SHA-256: f162796e0c6927fb5ab9024075e78ec0c64765c233bd0ff3221c5fa2b051019e
Size: 150.00 kB
English