All errata/sisyphus/ALT-PU-2021-1241-1
ALT-PU-2021-1241-1

Package update libjasper in branch sisyphus

Version2.0.25-alt1
Task#265995
Published2021-02-09
Max severityHIGH
Severity:

Closed issues (3)

CVE-2021-26926
HIGH7.1

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

Published: 2021-02-23Modified: 2024-11-21
CVSS 2.0MEDIUM 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References
CVE-2021-26927
MEDIUM5.5

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

Published: 2021-02-23Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2021-3272
MEDIUM5.5

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Published: 2021-01-27Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References