CLSA-2026-1778227041 jasper: Fix of 3 CVEs

Add Amazon Linux 2 ELS support mirrors centos7els branch with .amzn2 dist via / leapfrog over stock 1.900.1-33.amzn2.0.1 - Import CVE-2020-27828 patch from amzn2 stock SRPM out-of-bounds write in jpc encoder; jasper-2.0.14-CVE-2020-27828.patch - Import CVE-2021-3443 patch from amzn2 stock SRPM...

Linux Distros Unpatched Vulnerability : CVE-2018-9154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a reachable abort in the function jpcdecprocesssot in libjasper/jpc/jpcdec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by...

SUSE SLES16 Security Update : jasper (SUSE-SU-2026:20200-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20200-1 advisory. Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set...

MiracleLinux 7 : jasper-1.900.1-33.0.2.el7.AXS7 (AXSA:2025-10995:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10995:02 advisory. CVE-2025-8837: fix use-after-free vulnerability in jpcdecdump CVEs: CVE-2025-8837 A vulnerability was identified in JasPer up to 4.2.5. This affects the...

CLSA-2025-1765378381 jasper: Fix of CVE-2025-8836

CVE-2025-8836: fix manipulation in function jpcfloorlog2 to prevent reachable assertion...

CLSA-2025-1761074965 jasper: Fix of CVE-2025-8836

CVE-2025-8836: fix manipulation in function jpcfloorlog2 to prevent reachable assertion...

CLSA-2025-1760019942 jasper: Fix of CVE-2025-8836

CVE-2025-8836: fix manipulation in function jpcfloorlog2 to prevent reachable assertion...

EUVD-2007-2713

Malware in sbrugna...

EUVD-2017-14602

Malware in sbrugna...

EUVD-2021-26769

Malware in sbrugna...

EUVD-2021-26789

Malware in sbrugna...

EUVD-2015-5218

Malware in sbrugna...

EUVD-2016-10199

Malware in sbrugna...

CLSA-2025-1759498325 jasper: Fix of CVE-2025-8837

CVE-2025-8837: fix use after free vulnerability in jpcdecdump function...

Advisory ROSA-SA-2025-3027

software: jasper 2.0.33 WASP: ROSA-CHROME unaffected versions = jasper-2.0.33-2 affected versions jasper-2.0.33-2 CVE-ID: CVE-2025-8835 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in JasPer before version 4.2.5 allows a crash due to null pointer dereferencing in the jasimagechclrspc...

PT-2025-39741

🚨 SUSE Security Alert: Patch Jasper NOW! 🚨 CVE-2024-63874: A heap-based buffer overflow in Jasper lib Moderate severity can lead to RCE. Affects SLES 12/15 & openSUSE Leap. Read more: 👉 https://t.co/DHVCfWk6hR Security https://t.co/iMm7RhS5Oz...

SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2025:03219-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03219-1 advisory. - CVE-2025-8835: missing range check in the JPEG-2000 JPC Encoder leads to assertion failure and crash when...

JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free

...

JasPer Image Color Space Conversion jas_image.c jas_image_chclrspc null pointer dereference

...

Linux Distros Unpatched Vulnerability : CVE-2017-5502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libjasper/jp2/jp2dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service crash via vectors involving left shift of a negative value...