PT-2011-1113 · Netpbm+4 · Netpbm-Progs+6

Jonathan Foote · Published 2011-12-09 · Updated 2024-06-15 · CVE-2011-4516

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

netpbm-progs versions 10.35.58
netpbm-devel versions 10.35.58
netpbm versions 10.35.58
JasPer versions prior to 1.900.1-r4

Description

The issue concerns multiple vulnerabilities in the netpbm and JasPer packages, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.

Recommendations

For netpbm-progs, netpbm-devel and netpbm version 10.35.58, update to a version that contains a fix for this issue. For JasPer versions prior to 1.900.1-r4, update to version 1.900.1-r4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable jpc_cox_getcompparms function in JasPer until a patch is available.
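The defect class described above is a length field read from the file (the number of resolution levels, numrlvls) that is then used to index fixed-size per-level arrays without first being compared against the array capacity. The following C program is an added illustration written for this advisory, not JasPer's code: it parses a deliberately simplified, constructed component-parameter block (one byte giving numdlvls, then one precinct-size byte per resolution level; real COD segments carry more fields) and shows the bound check that makes the parse safe. The names parse_compparms, compparms_t, MAX_RLVLS and the sample buffers are assumptions of this example; JasPer's header defines a comparable limit under the name JPC_MAXRLVLS, and the numeric value used here is illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative capacity of the per-level arrays (assumption for this example). */
#define MAX_RLVLS 33

/* Per-component coding parameters, one entry per resolution level. */
typedef struct {
    unsigned numrlvls;            /* number of resolution levels = numdlvls + 1 */
    uint8_t prcw[MAX_RLVLS];      /* precinct width exponent per level */
    uint8_t prch[MAX_RLVLS];      /* precinct height exponent per level */
} compparms_t;

/* The unchecked computation: the level count is taken straight from the input.
 * Exposed only so the caller can report how far past MAX_RLVLS an unchecked
 * loop would write; nothing here performs the out-of-bounds write. */
unsigned unchecked_level_count(const uint8_t *buf)
{
    return (unsigned)buf[0] + 1;
}

/* Hardened parse of the simplified block:
 *   buf[0]           numdlvls (resolution levels = numdlvls + 1)
 *   buf[1..numrlvls] precinct byte per level: low nibble width exp, high nibble height exp
 * Returns 0 on success, -1 on any malformed input. */
int parse_compparms(const uint8_t *buf, size_t len, compparms_t *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    unsigned numrlvls = unchecked_level_count(buf);
    /* The check that prevents the overflow: the file-supplied count must fit
     * the fixed arrays before it is used as a loop bound or array index. */
    if (numrlvls > MAX_RLVLS)
        return -1;
    /* Also refuse segments that claim more entries than the buffer holds. */
    if (len < (size_t)1 + numrlvls)
        return -1;
    out->numrlvls = numrlvls;
    for (unsigned i = 0; i < numrlvls; i++) {
        out->prcw[i] = buf[1 + i] & 0x0f;
        out->prch[i] = (buf[1 + i] >> 4) & 0x0f;
    }
    return 0;
}

/* Constructed sample inputs for this example (not taken from any real file). */
static const uint8_t SAMPLE_OK[] = { 5, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66 };  /* 6 levels */
static uint8_t SAMPLE_OVERSIZED[257];                                          /* filled below */
static const uint8_t SAMPLE_TRUNCATED[] = { 5, 0x11 };                        /* claims 6, has 1 */

int demo_ok(compparms_t *out)
{
    return parse_compparms(SAMPLE_OK, sizeof SAMPLE_OK, out);
}

/* numdlvls = 255 -> 256 levels, far beyond MAX_RLVLS; must be rejected. */
int demo_oversized(compparms_t *out)
{
    memset(SAMPLE_OVERSIZED, 0x11, sizeof SAMPLE_OVERSIZED);
    SAMPLE_OVERSIZED[0] = 255;
    return parse_compparms(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, out);
}

int demo_truncated(compparms_t *out)
{
    return parse_compparms(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, out);
}

int main(void)
{
    compparms_t cp;
    printf("well-formed block:  rc=%d levels=%u\n", demo_ok(&cp), cp.numrlvls);
    printf("oversized count:    rc=%d (unchecked loop would write %u entries into arrays of %d)\n",
           demo_oversized(&cp), unchecked_level_count(SAMPLE_OVERSIZED), MAX_RLVLS);
    printf("truncated block:    rc=%d\n", demo_truncated(&cp));
    return 0;
}
```

The point for reviewers of similar parsers is the order of operations: the comparison against the array capacity happens before the value is used as a loop bound, and the buffer-length check happens before any byte past the header is read. Either check alone leaves a path to an out-of-bounds access.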

Tags: Fix · DoS · RCE · Buffer Overflow · Memory Corruption


Weakness Enumeration

Related Identifiers

ALT-PU-2016-2474
BDU:2015-06434
BDU:2015-06437
BDU:2015-06440
BDU:2015-08581
BDU:2015-08582
BDU:2015-08583
BDU:2015-09443
CESA-2011_1807
CVE-2011-4516
DSA-2371-1
OPENSUSE-SU-2024:10281-1
RHSA-2011:1807
RHSA-2011:1811
RHSA-2011_1807
RHSA-2011_1811
RHSA-2015:0698

Affected Products

Alt Linux
Centos
Jasper
Red Hat
Netpbm
Netpbm-Devel
Netpbm-Progs