SUSE-SU-2025:03219-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202503219-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03219-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:03219-1
- Upstream
- Related
- Published
- 2025-09-15T09:19:16Z
- Modified
- 2026-03-23T04:50:30.071220Z
- Summary
- Security update for jasper
- Details
-
This update for jasper fixes the following issues:
- CVE-2025-8835: missing range check in the JPEG-2000 (JPC) Encoder leads to assertion failure and crash when
processing a malformed JPEG2000 image with an invalid
cblkwidthparameter (bsc#1247904). - CVE-2025-8836: out-of-bounds array indexing in function
jas_image_chclrspcleads to crash when processing a malformed image file with BMP output format and color space conversion (bsc#1247902). - CVE-2025-8837: missing operations in cleanup code of the JPEG-2000 (JPC) Encoder leads to use-after-free when processing malformed JPEG2000 images with certain debug levels enabled (bsc#1247901).
- CVE-2025-8835: missing range check in the JPEG-2000 (JPC) Encoder leads to assertion failure and crash when
processing a malformed JPEG2000 image with an invalid
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202503219-1/
- https://bugzilla.suse.com/1247901
- https://bugzilla.suse.com/1247902
- https://bugzilla.suse.com/1247904
- https://www.suse.com/security/cve/CVE-2025-8835
- https://www.suse.com/security/cve/CVE-2025-8836
- https://www.suse.com/security/cve/CVE-2025-8837
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP6 / jasper
Package
- Name
- jasper
- Purl
- pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6