CVE-2008-3522

Publication date 2 October 2008

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ghostscript	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Fixed 8.71.dfsg.2-0ubuntu7.1
	10.04 LTS lucid	Fixed 8.71.dfsg.1-0ubuntu5.4
	8.04 LTS hardy	Fixed 8.61.dfsg.1-1ubuntu3.4
jasper	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.10 intrepid	Fixed 1.900.1-5ubuntu0.1
	8.04 LTS hardy	Fixed 1.900.1-3ubuntu0.8.04.1
	7.10 gutsy	Fixed 1.900.1-3ubuntu0.7.10.1
	7.04 feisty	Ignored
	6.06 LTS dapper	Fixed 1.701.0-2ubuntu0.6.06.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
jasper	Vendor: https://bugzilla.redhat.com/attachment.cgi?id=316079 Vendor: http://patch-tracking.debian.net/patch/series/view/jasper/1.900.1-5.1/02_security.dpatch

References

Related Ubuntu Security Notices (USN)

USN-742-1
JasPer vulnerabilities
19 March 2009

USN-1317-1
Ghostscript vulnerabilities
4 January 2012

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3522