CLSA-2026-1777456996 jasper: Fix of 3 CVEs

CVE-2021-26926: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-26927: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-3272: prevent heap-based buffer over-read in...

Linux Distros Unpatched Vulnerability : CVE-2021-26927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2decode in jp2dec.c may lead to program crash and denial of service. CVE-2021-26927 No...

SUSE CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted image, related to the jp2decode function in libjasper/jp2/jp2dec.c...

SUSE CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2decode in libjasper/jp2/jp2dec.c, leading to a denial of service...

SUSE CVE-2021-3272

jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...

jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c

jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...

AZL-6492 CVE-2021-26927 affecting package jasper for versions less than 2.0.32-2

A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2decode in jp2dec.c may lead to program crash and denial of service...

JasPer 代码问题漏洞

JasPer is an open source project that aims to provide a free software-based reference implementation of the codecs specified in the JPEG-2000 Part-1 standard. A null pointer dereference vulnerability exists in jp2decode in jp2dec.c in versions of jasper prior to 2.0.25. An attacker can exploit th...

JasPer 缓冲区错误漏洞

JasPer is an open source project that aims to provide a free software-based reference implementation of the codecs specified in the JPEG-2000 Part-1 standard. An out-of-bounds read vulnerability exists in the jp2decode function in versions of jasper prior to 2.0.25. An attacker could exploit this...

UBUNTU-CVE-2021-3272

jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...

UBUNTU-CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2decode in libjasper/jp2/jp2dec.c, leading to a denial of service...

UBUNTU-CVE-2017-9782

JasPer 2.0.12 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted image, related to the jp2decode function in libjasper/jp2/jp2dec.c...

jasper: heap overflow in jp2_decode() (oCERT-2014-012)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...

jasper: heap overflow in jp2_decode() (oCERT-2014-012)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code...