jasper-1.900.1-33.0.4.el7.AXS7
エラータID: AXSA:2025-11014:03
リリース日:
2025/11/04 Tuesday - 16:02
題名:
jasper-1.900.1-33.0.4.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- JasPer には、NULL ポインタデリファレンスの問題があるため、
ローカルの攻撃者により、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2025-8835)
- JasPer には、ローカルの攻撃者により、サービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-8836)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
CVE-2025-8836
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- jasper-libs-1.900.1-33.0.4.el7.AXS7.i686.rpm
MD5: a4343796884912d83b5ec4e7d9d95909
SHA-256: 69d9569ccd0f1a026f3264e0ed4add9edb8248be7bda58cf4b645d6dc6751b0a
Size: 147.96 kB - jasper-libs-1.900.1-33.0.4.el7.AXS7.x86_64.rpm
MD5: 24751bb0a7eaf51b787f464265007384
SHA-256: 079ed9241e2b9f414840cdfa0cf037f9849a25b06b5ddb0dc8c820c404098ad9
Size: 150.59 kB
English