阿里云漏洞库

JasPer 1.900.17中jasper_image_stop_load函数中的Double free漏洞允许远程攻击者通过精心制作的JPEG 2000图像文件导致拒绝服务（崩溃）。

用户可参考如下厂商提供的安全补丁以修复该漏洞：
https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9

参考链接
http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html
http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html
http://www.openwall.com/lists/oss-security/2015/08/16/2
https://access.redhat.com/errata/RHSA-2017:1208
https://bugzilla.redhat.com/show_bug.cgi?id=1254242
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/201707-07
https://usn.ubuntu.com/3693-1/

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	jasper_project	jasper	1.900.17	-
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 0
	运行在以下环境
	系统	fedoraproject	fedora	23	-
	运行在以下环境
	系统	fedoraproject	fedora	24	-
	运行在以下环境
	系统	fedoraproject	fedora	25	-
	运行在以下环境
	系统	opensuse	leap	42.2	-
	运行在以下环境
	系统	opensuse	opensuse	13.1	-
	运行在以下环境
	系统	opensuse	opensuse	13.2	-
	运行在以下环境
	系统	opensuse_project	leap	42.1	-
	运行在以下环境
	系统	redhat_7	jasper	*		Up to (excluding) 0:1.900.1-30.el7_3
	运行在以下环境
	系统	suse_12	libjasper1	*		Up to (excluding) 1.900.14-194
	运行在以下环境
	系统	ubuntu_14.04.6_lts	jasper	*		Up to (excluding) 1.900.1-14ubuntu3.5
	运行在以下环境
	系统	ubuntu_16.04.7_lts	jasper	*		Up to (excluding) 1.900.1-debian1-2.4ubuntu1.2

CWE-ID	漏洞类型
CWE-415	双重释放