CLSA-2026-1778227041 jasper: Fix of 3 CVEs

Add Amazon Linux 2 ELS support mirrors centos7els branch with .amzn2 dist via / leapfrog over stock 1.900.1-33.amzn2.0.1 - Import CVE-2020-27828 patch from amzn2 stock SRPM out-of-bounds write in jpc encoder; jasper-2.0.14-CVE-2020-27828.patch - Import CVE-2021-3443 patch from amzn2 stock SRPM...

Detection strategies across cloud and identities against infiltrating IT workers

In this article 1. Attack chain overview 1. Activities in pre-recruitment phase 2. Activities in recruiting phase 3. Activities in post-recruitment phase 2. Mitigation and protection guidance 3. Microsoft Defender XDR detections The shift to remote and hybrid work since the pandemic expanded glob...

Hitachi Energy Ellipse

SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution RCE attack on the product. Please refer to the Recommended Immediate Actions for...

Linux Distros Unpatched Vulnerability : CVE-2018-9154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a reachable abort in the function jpcdecprocesssot in libjasper/jpc/jpcdec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by...

SUSE: Security Advisory (SUSE-SU-2026:20200-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES16 Security Update : jasper (SUSE-SU-2026:20200-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20200-1 advisory. Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set...

openSUSE 16 Security Update : jasper (openSUSE-SU-2026:20138-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20138-1 advisory. Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently hig...

Security update for jasper (moderate)

openSUSE security update: security update for jasper ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20138-1 Rating: moderate References: bsc1247901 bsc1247902 bsc1247904 Cross-References: CVE-2025-8835 CVE-2025-8836 CVE-2025-8837 CVSS scores:...

OPENSUSE-SU-2026:20138-1 Security update for jasper

This update for jasper fixes the following issues: Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high bsc1247901. - CVE-2025-8836: Added some missing range checking on several coding parameters in the J...

SUSE-SU-2026:20200-1 Security update for jasper

This update for jasper fixes the following issues: Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high bsc1247901. - CVE-2025-8836: Added some missing range checking on several coding parameters in the J...

Azure Linux 3.0 Security Update: jasper (CVE-2024-31744)

The version of jasper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31744 advisory. - In Jasper 4.2.2, the jpcstreamlistremove function in src/libjasper/jpc/jpcdec.c:2407 has an assertion failur...

MiracleLinux 8 : jasper-2.0.14-5.el8 (AXSA:2021-2685:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2685:01 advisory. jasper: Heap-based buffer overflow in cpcreate in jpcenc.c CVE-2020-27828 jasper: Heap-based buffer over-read in jp2decode in jp2dec.c CVE-2021-3272...

MiracleLinux 7 : jasper-1.900.1-33.0.1.el7.AXS7 (AXSA:2024-8730:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8730:01 advisory. CVE-2023-51257: fix an integer-overflow bug in the ICC profile parsing code CVEs: CVE-2023-51257 An invalid memory write issue in Jasper-Software Jasper...

MiracleLinux 7 : jasper-1.900.1-33.el7 (AXSA:2019-3676:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3676:01 advisory. jasper: reachable assertion in JPCNOMINALGAIN CVE-2016-9396 jasper: NULL pointer exception in jp2encode CVE-2017-1000050 Tenable has extracted the...

MiracleLinux 4 : jasper-1.900.1-15.AXS4.1 (AXSA:2012-340:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-340:01 advisory. This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2...

MiracleLinux 3 : netpbm-10.35.58-8.AXS3.3 (AXSA:2011-558:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-558:01 advisory. The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm portable bitmaps...

MiracleLinux 3 : netpbm-10.35-6.1AXS3.1 (AXSA:2009-24:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-24:01 advisory. The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm portable bitmaps,...

MiracleLinux 7 : jasper-1.900.1-33.0.2.el7.AXS7 (AXSA:2025-10995:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10995:02 advisory. CVE-2025-8837: fix use-after-free vulnerability in jpcdecdump CVEs: CVE-2025-8837 A vulnerability was identified in JasPer up to 4.2.5. This affects the...

MiracleLinux 7 : jasper-1.900.1-33.0.4.el7.AXS7 (AXSA:2025-11014:03)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11014:03 advisory. CVE-2025-8836: fix manipulation in function jpcfloorlog2 to prevent reachable assertion CVEs: CVE-2025-8836 A vulnerability was determined in JasPe...

Imposter for hire: How fake people can gain very real access

In the latest edition of our Cyberattack Series, we dive into a real-world case of fake employees. Cybercriminals are no longer just breaking into networks—they’re gaining access by posing as legitimate employees. This form of cyberattack involves operatives posing as legitimate remote hires,...