JasPer: Multiple Vulnerabilities Multiple vulnerabilities have been found in JasPer, the worst of which could could allow an attacker to execute arbitrary code. jasper 2015-03-06 2015-03-06 531688 533744 537530 remote 1.900.1-r9 1.900.1-r9

JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard.

Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file using JasPer, possibly resulting in execution of arbitrary code.

There is no known workaround at this time.

All jasper users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/jasper-1.900.1-r9" CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 Zlogene Zlogene