Bug 942553 (CVE-2015-5221) - VUL-0: CVE-2015-5221: jasper: Use-after-free (and double-free) in Jasper JPEG-2000 (CVE-2015-5221)
Status: RESOLVED FIXED
Alias: CVE-2015-5221
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Deadline: 2017-08-08
Assignee: Fridrich Strba
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/130474/
Whiteboard: CVSSv2:RedHat:CVE-2015-5221:5.1:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-20 16:39 UTC by Alexander Bergmann
Modified: 2019-11-02 19:49 UTC
CC: 2 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2015-08-20 16:39:50 UTC
Via OSS Security: http://seclists.org/oss-sec/2015/q3/408

-----------------------------
A new use-after-free was found in Jasper JPEG-2000.

The use-after-free appears in the function mif_process_cmpt of the src/libjasper/mif/mif_cod.c file. Both tvp and tvp->buf are freed by jas_tvparser_destroy(tvp) (line 572), but if one of the two following branch conditions is taken (line 573/576), a second call to jas_tvparser_destroy(tvp) occurs (line 586). It is a use-after-free because, before calling free in jas_tvparser_destroy, there is a check on tvp->buf, while tvp could already have been freed. Two double frees take place just after this check (on tvp->buf and tvp). A simple fix should be to move the first call of jas_tvparser_destroy after the two branch conditions (or set tvp to NULL after it has been freed in mif_process_cmpt).

The vulnerability was found by a static binary analysis using the tool gueb (that will become open-source soon).

Since another double-free in this library was found recently (http://seclists.org/oss-sec/2015/q3/366), maybe a patch could fix both of them?

Best regards,
Feist Josselin
-----------------------------

CVE-2015-5221 was assigned to this issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5221
http://seclists.org/oss-sec/2015/q3/408
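The control flow described in the report above, reduced to a runnable model. This is an added example, not code from the bug, from JasPer or from the reporter: tvparser_*, cmpt_t, process_cmpt and double_frees_for are hypothetical stand-ins for jas_tvparser_*, mif_cmpt_t and mif_process_cmpt, the tag/value record format is a simplified guess at what the real parser consumes, and the quarantine instrumentation exists only so the second destroy can be observed and counted rather than corrupting the heap. With fixed == 0 it reproduces the order of operations the report describes (destroy, then the validation branch, then a second destroy through the error label); with fixed == 1 it applies the report's suggested fix, destroying after the branch and clearing the pointer.

```c
/* Added example, not JasPer's code: a cut-down model of mif_process_cmpt()
 * (src/libjasper/mif/mif_cod.c).  tvparser_*, cmpt_t and process_cmpt are
 * hypothetical stand-ins for jas_tvparser_*, mif_cmpt_t and the real function. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *buf;             /* private copy of the "tag=value ..." record */
    char *pos, *tag, *val; /* cursor, current tag and value, all inside buf */
} tvparser_t;
typedef struct { int width, height, prec; } cmpt_t;
/* Instrumentation: freed blocks go into a quarantine instead of back to the
 * allocator, so the second destroy of a tvp can be observed (its read of
 * tvp->buf is the use-after-free) without corrupting the real heap. */
#define QUARANTINE_MAX 32
static void *quarantine[QUARANTINE_MAX];
static int nquarantined, double_frees;
static void tracked_free(void *p)
{
    for (int i = 0; i < nquarantined; i++)
        if (quarantine[i] == p) { double_frees++; return; } /* real code: UB */
    if (nquarantined < QUARANTINE_MAX) quarantine[nquarantined++] = p;
    else free(p);
}
static void tracking_reset(void)
{
    for (int i = 0; i < nquarantined; i++) free(quarantine[i]);
    nquarantined = double_frees = 0;
}
static tvparser_t *tvparser_create(const char *s)
{
    tvparser_t *tvp = malloc(sizeof *tvp);
    if (!tvp) return NULL;
    if (!(tvp->buf = malloc(strlen(s) + 1))) { free(tvp); return NULL; }
    strcpy(tvp->buf, s);
    tvp->pos = tvp->buf; tvp->tag = tvp->val = NULL;
    return tvp;
}
/* Shaped like jas_tvparser_destroy(): test tvp->buf, free buf, free tvp.  Called
 * twice for one tvp, the test is the use-after-free and the frees the double free. */
static void tvparser_destroy(tvparser_t *tvp)
{
    if (tvp->buf) tracked_free(tvp->buf);
    tracked_free(tvp);
}
/* Returns 0 with tag/val set, 1 at end of record, -1 on a malformed pair. */
static int tvparser_next(tvparser_t *tvp)
{
    while (*tvp->pos == ' ') tvp->pos++;
    if (!*tvp->pos) return 1;
    char *eq = strchr(tvp->pos, '='), *sp = strchr(tvp->pos, ' ');
    if (!eq || (sp && sp < eq)) return -1;
    tvp->tag = tvp->pos;
    *eq = '\0';
    tvp->val = eq + 1;
    if (sp) { *sp = '\0'; tvp->pos = sp + 1; }
    else tvp->pos = tvp->val + strlen(tvp->val);
    return 0;
}

/* fixed == 0 reproduces the pre-fix control flow; fixed == 1 applies the report's
 * suggestion (destroy after the validation branch, then NULL the pointer). */
static int process_cmpt(const char *record, cmpt_t *out, int fixed)
{
    tvparser_t *tvp = NULL; cmpt_t cmpt = {0, 0, 0}; int id;
    if (!(tvp = tvparser_create(record))) goto error;
    while (!(id = tvparser_next(tvp))) {
        if (!strcmp(tvp->tag, "width")) cmpt.width = atoi(tvp->val);
        else if (!strcmp(tvp->tag, "height")) cmpt.height = atoi(tvp->val);
        else if (!strcmp(tvp->tag, "prec")) cmpt.prec = atoi(tvp->val);
        else goto error;              /* unknown tag: tvp still live, freed once */
    }
    if (id < 0) goto error;
    if (!fixed) tvparser_destroy(tvp);         /* pre-fix: freed here, pointer dangles */
    if (!cmpt.width || !cmpt.height || !cmpt.prec) goto error;   /* -> second destroy */
    if (fixed) { tvparser_destroy(tvp); tvp = NULL; }   /* fix: free after the checks */
    *out = cmpt;
    return 0;
error:
    if (tvp) tvparser_destroy(tvp);      /* pre-fix: a dangling tvp passes this test */
    return -1;
}
/* Runs one record through process_cmpt() and returns how many double frees the
 * instrumentation saw; 0 is the only acceptable answer. */
static int double_frees_for(const char *record, int fixed)
{
    cmpt_t c; tracking_reset();
    process_cmpt(record, &c, fixed);
    int n = double_frees; tracking_reset(); return n;
}
int main(void)
{   /* constructed record missing "prec", which takes the validation branch */
    printf("pre-fix: %d double frees\n", double_frees_for("width=8 height=8", 0));
    printf("fixed:   %d double frees\n", double_frees_for("width=8 height=8", 1));
    return 0;
}
```

Run as is, the pre-fix path reports 2 double frees for a record that parses cleanly but fails validation, and the fixed path reports 0; an error taken inside the parse loop (unknown or malformed tag) never double-frees in either variant, because the first destroy has not happened yet. The quarantine only stands in for what a sanitizer would flag: building the real library with -fsanitize=address and feeding it a component record that fails the post-parse checks is the direct way to confirm the report.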
Comment 1 Alexander Bergmann 2015-08-20 16:42:06 UTC
The mentioned double-free is handled in bug 941919.
Comment 2 Swamp Workflow Management 2015-08-20 22:00:16 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-11-04 12:08:46 UTC
openSUSE-SU-2016:2722-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005084,1005090,1005242,1006591,1006593,1006597,1006598,1006599,392410,941919,942553,968373
CVE References: CVE-2008-3522,CVE-2015-5203,CVE-2015-5221,CVE-2016-1577,CVE-2016-2116,CVE-2016-8690,CVE-2016-8691,CVE-2016-8692,CVE-2016-8693,CVE-2016-8880,CVE-2016-8881,CVE-2016-8882,CVE-2016-8883,CVE-2016-8886
Sources used:
openSUSE 13.2 (src):    jasper-1.900.14-163.24.1
Comment 4 Swamp Workflow Management 2016-11-10 20:09:47 UTC
SUSE-SU-2016:2775-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005084,1005090,1005242,1006591,1006593,1006597,1006598,1006599,1006836,1006839,1007009,392410,941919,942553,961886,963983,968373
CVE References: CVE-2008-3522,CVE-2014-8158,CVE-2015-5203,CVE-2015-5221,CVE-2016-1577,CVE-2016-1867,CVE-2016-2089,CVE-2016-2116,CVE-2016-8690,CVE-2016-8691,CVE-2016-8692,CVE-2016-8693,CVE-2016-8880,CVE-2016-8881,CVE-2016-8882,CVE-2016-8883,CVE-2016-8884,CVE-2016-8885,CVE-2016-8886,CVE-2016-8887
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    jasper-1.900.14-181.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    jasper-1.900.14-181.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    jasper-1.900.14-181.1
SUSE Linux Enterprise Server 12-SP2 (src):    jasper-1.900.14-181.1
SUSE Linux Enterprise Server 12-SP1 (src):    jasper-1.900.14-181.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    jasper-1.900.14-181.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    jasper-1.900.14-181.1
Comment 5 Swamp Workflow Management 2016-11-10 20:12:24 UTC
SUSE-SU-2016:2776-1: An update that fixes 19 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005084,1005090,1005242,1006591,1006593,1006597,1006598,1006599,1006836,1006839,1007009,392410,941919,942553,961886,963983,968373
CVE References: CVE-2008-3522,CVE-2015-5203,CVE-2015-5221,CVE-2016-1577,CVE-2016-1867,CVE-2016-2089,CVE-2016-2116,CVE-2016-8690,CVE-2016-8691,CVE-2016-8692,CVE-2016-8693,CVE-2016-8880,CVE-2016-8881,CVE-2016-8882,CVE-2016-8883,CVE-2016-8884,CVE-2016-8885,CVE-2016-8886,CVE-2016-8887
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    jasper-1.900.14-134.25.1
SUSE Linux Enterprise Server 11-SP4 (src):    jasper-1.900.14-134.25.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    jasper-1.900.14-134.25.1
Comment 6 Swamp Workflow Management 2016-11-17 19:09:58 UTC
openSUSE-SU-2016:2833-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005084,1005090,1005242,1006591,1006593,1006597,1006598,1006599,1006836,1006839,1007009,392410,941919,942553,961886,963983,968373
CVE References: CVE-2008-3522,CVE-2014-8158,CVE-2015-5203,CVE-2015-5221,CVE-2016-1577,CVE-2016-1867,CVE-2016-2089,CVE-2016-2116,CVE-2016-8690,CVE-2016-8691,CVE-2016-8692,CVE-2016-8693,CVE-2016-8880,CVE-2016-8881,CVE-2016-8882,CVE-2016-8883,CVE-2016-8884,CVE-2016-8885,CVE-2016-8886,CVE-2016-8887
Sources used:
openSUSE Leap 42.2 (src):    jasper-1.900.14-167.1
openSUSE Leap 42.1 (src):    jasper-1.900.14-166.1
Comment 8 Swamp Workflow Management 2017-07-25 13:26:59 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-08-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63789
Comment 9 Marcus Meissner 2019-11-02 19:49:00 UTC
released