MGASA-2021-0113
- Source
- https://advisories.mageia.org/MGASA-2021-0113.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0113.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0113
- Related
- Published
- 2021-03-04T16:53:32Z
- Modified
- 2021-03-04T16:01:55Z
- Summary
- Updated jasper packages fix security vulnerability
- Details
-
jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components (CVE-2021-3272).
A flaw was found in jasper. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash (CVE-2021-26926).
A flaw was found in jasper. A null pointer dereference in jp2decode in jp2dec.c may lead to program crash and denial of service (CVE-2021-26927).
- References
-
- https://advisories.mageia.org/MGASA-2021-0113.html
- https://bugs.mageia.org/show_bug.cgi?id=28318
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZSE7IN2V4KAQDTSMRIVDIHQ6XXFC4AUH/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / jasper
Package
- Name
- jasper
- Purl
- pkg:rpm/mageia/jasper?distro=mageia-7