diff options
| author | Dirk Meyer <dinoex@FreeBSD.org> | 2013-04-18 04:03:08 +0000 |
|---|---|---|
| committer | Dirk Meyer <dinoex@FreeBSD.org> | 2013-04-18 04:03:08 +0000 |
| commit | faced0325438238261905ed4c736781b4587923c (patch) | |
| tree | bb6063bd4cca0575d8cdc0d5fb9f40c61245cb99 /security | |
| parent | 8f3d39708610bb70748df195f258e40c820cb6d4 (diff) | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 42a3059b2df7..452c9e9a6cb8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="8ff84335-a7da-11e2-b3f5-003067c2616f"> + <topic>jasper -- buffer overflow</topic> + <affects> + <package> + <name>jasper</name> + <range><lt>1.900.1_11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Fedora reports:</p> + <blockquote cite="http://www.kb.cert.org/vuls/id/887409"> + <p>JasPer fails to properly decode marker segments and other + sections in malformed JPEG2000 files. Malformed inputs can + cause heap buffer overflows which in turn may result in + execution of attacker-controlled code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-3520</cvename> + <cvename>CVE-2008-3522</cvename> + <cvename>CVE-2011-4516</cvename> + <cvename>CVE-2011-4517</cvename> + <url>http://www.kb.cert.org/vuls/id/887409</url> + </references> + <dates> + <discovery>2011-12-09</discovery> + <entry>2013-04-18</entry> + </dates> + </vuln> + <vuln vid="2070c79a-8e1e-11e2-b34d-000c2957946c"> <topic>ModSecurity -- XML External Entity Processing Vulnerability</topic> <affects> |