ALT-PU-2021-1114-1
Closed vulnerabilities
Published: 2020-12-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-27828
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1905201
- https://bugzilla.redhat.com/show_bug.cgi?id=1905201
- https://github.com/jasper-software/jasper/issues/252
- https://github.com/jasper-software/jasper/issues/252
- FEDORA-2020-c549cf2462
- FEDORA-2020-c549cf2462
- FEDORA-2020-596e40f29c
- FEDORA-2020-596e40f29c
- FEDORA-2021-0a6290f865
- FEDORA-2021-0a6290f865
- FEDORA-2021-2b151590d9
- FEDORA-2021-2b151590d9