Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2023-1733
HistoryApr 13, 2023 - 7:01 p.m.

Important: jasper

2023-04-1319:01:00
alas.aws.amazon.com
21

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

49.1%

JSON

Issue Overview:

A flaw was found in the Jasper tool’s jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27828)

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. (CVE-2021-26926)

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. (CVE-2021-26927)

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. (CVE-2021-3272)

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. (CVE-2021-3443)

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. (CVE-2021-3467)

Affected Packages:

jasper

Issue Correction:
Run yum update jasper to update your system.

New Packages:

i686:  
    jasper-devel-1.900.1-21.12.amzn1.i686  
    jasper-1.900.1-21.12.amzn1.i686  
    jasper-libs-1.900.1-21.12.amzn1.i686  
    jasper-utils-1.900.1-21.12.amzn1.i686  
    jasper-debuginfo-1.900.1-21.12.amzn1.i686  
  
src:  
    jasper-1.900.1-21.12.amzn1.src  
  
x86_64:  
    jasper-utils-1.900.1-21.12.amzn1.x86_64  
    jasper-devel-1.900.1-21.12.amzn1.x86_64  
    jasper-libs-1.900.1-21.12.amzn1.x86_64  
    jasper-debuginfo-1.900.1-21.12.amzn1.x86_64  
    jasper-1.900.1-21.12.amzn1.x86_64

Additional References

Red Hat: CVE-2020-27828, CVE-2021-26926, CVE-2021-26927, CVE-2021-3272, CVE-2021-3443, CVE-2021-3467

Mitre: CVE-2020-27828, CVE-2021-26926, CVE-2021-26927, CVE-2021-3272, CVE-2021-3443, CVE-2021-3467

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686jasper-devel< 1.900.1-21.12.amzn1jasper-devel-1.900.1-21.12.amzn1.i686.rpm
Amazon Linux1i686jasper< 1.900.1-21.12.amzn1jasper-1.900.1-21.12.amzn1.i686.rpm
Amazon Linux1i686jasper-libs< 1.900.1-21.12.amzn1jasper-libs-1.900.1-21.12.amzn1.i686.rpm
Amazon Linux1i686jasper-utils< 1.900.1-21.12.amzn1jasper-utils-1.900.1-21.12.amzn1.i686.rpm
Amazon Linux1i686jasper-debuginfo< 1.900.1-21.12.amzn1jasper-debuginfo-1.900.1-21.12.amzn1.i686.rpm
Amazon Linux1x86_64jasper-utils< 1.900.1-21.12.amzn1jasper-utils-1.900.1-21.12.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper-devel< 1.900.1-21.12.amzn1jasper-devel-1.900.1-21.12.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper-libs< 1.900.1-21.12.amzn1jasper-libs-1.900.1-21.12.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper-debuginfo< 1.900.1-21.12.amzn1jasper-debuginfo-1.900.1-21.12.amzn1.x86_64.rpm
Amazon Linux1x86_64jasper< 1.900.1-21.12.amzn1jasper-1.900.1-21.12.amzn1.x86_64.rpm

Related

amazon 1
nessus 33
oraclelinux 1
almalinux 1
redhat 2
osv 9
rocky 1
openvas 29
suse 2
rosalinux 1
fedora 15
freebsd 2
mageia 3
veracode 3
cve 6
redhatcve 6
ubuntucve 6
prion 6
cbl_mariner 5
ubuntu 1
ibm 3
amazon
amazon
Important: jasper
2023-04-13 19:28:00
nessus
nessus
Amazon Linux 2 : jasper (ALAS-2023-2018)
2023-04-20 00:00:00
Amazon Linux AMI : jasper (ALAS-2023-1733)
2023-04-21 00:00:00
AlmaLinux 8 : jasper (ALSA-2021:4235)
2022-02-09 00:00:00
oraclelinux
oraclelinux
jasper security update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: jasper security update
2021-11-09 08:48:32
redhat
redhat
(RHSA-2021:4235) Moderate: jasper security update
2021-11-09 08:48:32
(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
2022-01-20 06:27:36
osv
osv
Moderate: jasper security update
2021-11-09 08:48:32
Moderate: jasper security update
2021-11-09 08:48:32
CVE-2020-27828
2020-12-11 04:15:11
rocky
rocky
jasper security update
2021-11-09 08:48:32
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1479-1)
2022-05-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1475-1)
2022-05-02 00:00:00
openSUSE: Security Advisory for jasper (SUSE-SU-2022:1479-1)
2022-05-17 00:00:00
suse
suse
Security update for jasper (moderate)
2022-04-29 00:00:00
Security update for jasper (important)
2021-02-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2307
2023-12-12 12:29:23
fedora
fedora
[SECURITY] Fedora 32 Update: jasper-2.0.25-1.fc32
2021-02-17 05:10:02
[SECURITY] Fedora 33 Update: jasper-2.0.25-1.fc33
2021-02-12 01:44:28
[SECURITY] Fedora 34 Update: mingw-jasper-2.0.26-1.fc34
2021-03-19 20:28:36
freebsd
freebsd
jasper -- multiple vulnerabilities
2021-02-07 00:00:00
jasper -- heap overflow vulnerability
2020-12-08 00:00:00
mageia
mageia
Updated jasper packages fix security vulnerability
2021-03-04 19:53:32
Updated jasper packages fix security vulnerabilities
2021-06-14 00:32:39
Updated jasper packages fix security vulnerability
2020-12-17 16:10:41
veracode
veracode
Arbitrary Code Execution
2021-01-11 18:12:08
Null Dereference
2023-11-07 11:58:11
NULL Pointer Dereference
2023-11-07 06:26:14
cve
cve
CVE-2020-27828
2020-12-11 04:15:00
CVE-2021-26927
2021-02-23 20:15:00
CVE-2021-26926
2021-02-23 18:15:00
redhatcve
redhatcve
CVE-2020-27828
2020-12-07 17:59:12
CVE-2021-26926
2021-02-09 15:47:15
CVE-2021-26927
2021-02-09 15:43:53
ubuntucve
ubuntucve
CVE-2020-27828
2020-12-11 00:00:00
CVE-2021-26927
2021-02-23 00:00:00
CVE-2021-26926
2021-02-23 00:00:00
prion
prion
Out-of-bounds
2020-12-11 04:15:00
Null pointer dereference
2021-02-23 20:15:00
Out-of-bounds
2021-02-23 18:15:00
cbl_mariner
cbl_mariner
CVE-2021-26927 affecting package jasper 2.0.24-4
2022-04-09 06:51:44
CVE-2021-26926 affecting package jasper 2.0.24-4
2022-04-09 06:51:44
CVE-2021-3443 affecting package jasper 2.0.24-4
2022-04-09 06:51:44
ubuntu
ubuntu
JasPer vulnerabilities
2021-01-11 00:00:00
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-02-02 14:30:02
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
2022-04-01 16:38:26
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

49.1%

JSON
Related for ALAS-2023-1733
amazon1nessus33oraclelinux1almalinux1redhat2osv9rocky1openvas29suse2rosalinux1fedora15freebsd2mageia3veracode3cve6redhatcve6ubuntucve6prion6cbl_mariner5ubuntu1ibm3