Все бюллетени/sisyphus/ALT-PU-2021-1241-1
ALT-PU-2021-1241-1

Обновление пакета libjasper в ветке sisyphus

Версия2.0.25-alt1
Задание#265995
Опубликовано2021-02-09
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (3)

CVE-2021-26926
HIGH7.1

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

Опубликовано: 2021-02-23Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS 3.xВЫСОКАЯ 7.1
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Ссылки
CVE-2021-26927
MEDIUM5.5

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

Опубликовано: 2021-02-23Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки
CVE-2021-3272
MEDIUM5.5

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Опубликовано: 2021-01-27Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки