Package libjasper updated to version 4.0.0-alt1 for branch sisyphus in task 326391.

Published: 2022-10-14
Modified: 2024-11-21

CVE-2022-2963

A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://access.redhat.com/security/cve/CVE-2022-2963
https://access.redhat.com/security/cve/CVE-2022-2963
https://bugzilla.redhat.com/show_bug.cgi?id=2118587
https://bugzilla.redhat.com/show_bug.cgi?id=2118587
https://github.com/jasper-software/jasper/issues/332
https://github.com/jasper-software/jasper/issues/332

Published: 2022-09-17
Modified: 2024-11-21

CVE-2022-40755

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/jasper-software/jasper/issues/338
https://github.com/jasper-software/jasper/issues/338

Version: 2.1.0

Package libjasper update in sisyphus on 2023-08-04

ALT-PU-2023-4734-2

Closed vulnerabilities

CVE-2022-2963

CVE-2022-40755