ELA-1036-1 jasper security update

invalid memory write

2024-01-30
Packagejasper
Version1.900.1-debian1-2.4+deb8u12 (jessie)
Related CVEs CVE-2023-51257


An issue has been found in jasper, a library and programs for manipulating JPEG-2000 files. The issue is about an invalid memory write which might allow a local attacker to execute arbitrary code.



For Debian 8 jessie, these problems have been fixed in version 1.900.1-debian1-2.4+deb8u12.

We recommend that you upgrade your jasper packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.