AZL-66162

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66162.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-66162

Upstream

CVE-2025-8835

Published

2025-08-11T07:15:32Z

Modified

2026-04-21T04:37:47.837312Z

Summary

CVE-2025-8835 affecting package jasper for versions less than 4.2.1-3

Details

A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jasimagechclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-8835

Affected packages

Azure Linux:3 / jasper

Package

Name: jasper
Purl: pkg:rpm/azure-linux/jasper

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.1-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66162.json"