Arch Linux Security Advisory ASA-201508-10
==========================================

Severity: Medium
Date    : 2015-08-26
CVE-ID  : CVE-2015-5203
Package : jasper
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package jasper before version 1.900.1-14 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 1.900.1-14.

# pacman -Syu "jasper>=1.900.1-14"

The problem has not been fixed upstream yet.

Workaround
==========

None.

Description
===========

A double free issue has been discovered in the function
jasper_image_stop_load. This vulnerability can be triggered by loading a
specially crafted image through jasper.

Impact
======

A remote attacker is able to send a specially crafted image that triggers
a double free leading to denial of service.

References
==========

http://seclists.org/oss-sec/2015/q3/366
https://access.redhat.com/security/cve/CVE-2015-5203