CVE-2008-3520 – jasper: multiple integer overflows in jas_alloc calls
https://notcve.org/view.php?id=CVE-2008-3520
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. Múltiples desbordamientos de entero en JasPer v1.900.1 pueden permitir a atacantes dependientes de contexto tener un impacto desconocido a través de ficheros de imagen manipuladas, relacionado con la multiplicación de enteros para localizaciones de memoria. • http://bugs.gentoo.org/show_bug.cgi?id=222819 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/33173 http://secunia.com/advisories/34391 http://security.gentoo.org/glsa/glsa-200812-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 http://www.redhat.com/support/errata/RHSA-2009-0012.html http:/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2008-3522 – jasper: possible buffer overflow in jas_stream_printf()
https://notcve.org/view.php?id=CVE-2008-3522
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. Desbordamiento de búfer en la función jas_stream_printf de libjasper/base/jas_stream.c en JasPer v1.900.1 puede permitir a atacantes dependientes de contexto tener un impacto desconocido a través de vectores relacionados con la función mif_hdr_put y la utilización de vsprintf. • http://bugs.gentoo.org/attachment.cgi?id=163282&action=view http://bugs.gentoo.org/show_bug.cgi?id=222819 http://rhn.redhat.com/errata/RHSA-2015-0698.html http://secunia.com/advisories/33173 http://secunia.com/advisories/34391 http://security.gentoo.org/glsa/glsa-200812-18.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 http://www.mandriva.com/security/advisories?name=MDVSA-2009:144 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •