Fedora 32 : jasper (2021-26cb56b3cb)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-26cb56b3cb advisory. - A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A speciall...

CVE-2021-3467

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

AZL-6494 CVE-2021-3443 affecting package jasper for versions less than 2.0.32-2

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

Null pointer dereference

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

UBUNTU-CVE-2021-3443

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

CVE-2021-3467

CVE-2021-3467 is a NULL pointer dereference in Jasper’s JP2 image format decoder when handling component references in the JP2 CDEF box. A crafted JP2 image could cause an application using the Jasper library to crash. Affected: Jasper versions before 2.0.26 (per the description). Impact: crash r...

CVE-2021-3467

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

CVE-2021-3443

CVE-2021-3443 describes a NULL pointer dereference in Jasper’s JP2 image format decoder. A crafted JP2 file could cause an application using the Jasper library to crash. The description indicates the flaw exists in Jasper versions prior to 2.0.27. There is no explicit exploitation status, affecte...

JasPer 代码问题漏洞

JasPer is an open source project that aims to provide a free software-based reference implementation of the codecs specified in the JPEG-2000 Part-1 standard. A null pointer dereference vulnerability exists in versions of Jasper prior to 2.0.26. The vulnerability stems from a problem with the way...

DEBIAN-CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

AZL-79104 CVE-2021-27918 affecting package golang 1.25.7-1

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

Design/Logic Flaw

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

OESA-2021-1061 openjpeg security update

Security Fixes: Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file because of incorrect j2kdecode, j2kreadeoc, and tcddecodetile...

OSV-2021-482 Heap-buffer-overflow in draco::MeshPredictionSchemeTexCoordsDecoder<int, draco::PredictionSchemeWrapDeco

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31587 Crash type: Heap-buffer-overflow WRITE 4 Crash state: draco::MeshPredictionSchemeTexCoordsDecoderint, draco::PredictionSchemeWrapDeco draco::MeshPredictionSchemeTexCoordsDecoderint, draco::PredictionSchemeWrapDeco...

PT-2021-2259 · Cisco · Snort

Name of the Vulnerable Software and Affected Versions: Cisco products affected versions not specified Description: The issue is related to improper handling of error conditions when processing Ethernet frames in the Snort detection engine, which could allow an unauthenticated, adjacent attacker t...

Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...

CVE-2020-27874

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...

CVE-2020-27874

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM...

CVE-2020-27874

The CVE-2020-27874 entry concerns Tencent WeChat 7.0.18 with a vulnerability in the WXAM Decoder. The flaw results from improper validation of user-supplied data, causing memory access past the end of an allocated object and leading to remote code execution. Exploitation requires user interaction...