rpm package
almalinux/jasper-devel
pkg:rpm/almalinux/jasper-devel
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-26927 | Med | 5.5 | < 2.0.14-5.el8 | 2.0.14-5.el8 | Feb 23, 2021 | A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. | |
| CVE-2021-26926 | Hig | 7.1 | < 2.0.14-5.el8 | 2.0.14-5.el8 | Feb 23, 2021 | A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. | |
| CVE-2021-3272 | Med | 5.5 | < 2.0.14-5.el8 | 2.0.14-5.el8 | Jan 27, 2021 | jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | |
| CVE-2020-27828 | Hig | 7.8 | < 2.0.14-5.el8 | 2.0.14-5.el8 | Dec 11, 2020 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. |
- affected < 2.0.14-5.el8fixed 2.0.14-5.el8
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
- affected < 2.0.14-5.el8fixed 2.0.14-5.el8
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
- affected < 2.0.14-5.el8fixed 2.0.14-5.el8
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
- affected < 2.0.14-5.el8fixed 2.0.14-5.el8
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.