CVE-2020-27828

Severity Medium
Remote No
Type Arbitrary code execution
A security issue was found in jasper up to version 2.0.22. An image processed by jasper together with crafted rlvl input could set resolution levels above the maximum, which could cause a heap buffer overflow in the loop near tccp->prcwidthexpns[rlvlno] = prcwidthexpn; in the cp_create() routine of /src/libjasper/jpc/jpc_enc.c. Because prcwidthexpn and prcheightexpn can also be controlled by data obtained from the crafted input, this leaves potential for exploitation involving arbitrary writes.
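The kind of range check whose absence the description points to, as an added example that is not jasper's code or its actual fix: a simplified model in which the resolution-level count and the precinct exponents are validated before the loop that indexes by rlvlno. The struct, the function names and the limits MAX_RLVLS and MAX_PRC_EXPN are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
/* Hypothetical stand-ins for illustration, not jasper's definitions. */
#define MAX_RLVLS 33      /* assumed capacity of the per-level arrays */
#define MAX_PRC_EXPN 15   /* assumed: a precinct exponent fits in 4 bits */

struct tccp_model {
    unsigned numrlvls;
    unsigned char prcwidthexpns[MAX_RLVLS];
    unsigned char prcheightexpns[MAX_RLVLS];
};

/* Parse a decimal field from untrusted input into [lo, hi]; 0 on success. */
static int parse_bounded(const char *s, long lo, long hi, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0' || v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/* Validate every field BEFORE the loop that indexes the arrays by rlvlno. */
int set_precincts(struct tccp_model *tccp, const char *numrlvls,
                  const char *prcwidthexpn, const char *prcheightexpn)
{
    long n, w, h;
    if (parse_bounded(numrlvls, 1, MAX_RLVLS, &n) != 0 ||
        parse_bounded(prcwidthexpn, 0, MAX_PRC_EXPN, &w) != 0 ||
        parse_bounded(prcheightexpn, 0, MAX_PRC_EXPN, &h) != 0)
        return -1;  /* reject outright; tccp is left unmodified */
    tccp->numrlvls = (unsigned)n;
    for (unsigned rlvlno = 0; rlvlno < tccp->numrlvls; ++rlvlno) {
        tccp->prcwidthexpns[rlvlno] = (unsigned char)w;
        tccp->prcheightexpns[rlvlno] = (unsigned char)h;
    }
    return 0;
}

int main(void)
{
    struct tccp_model t = {0};  /* constructed inputs: in range, then too large */
    printf("%d %d\n", set_precincts(&t, "6", "7", "7"), set_precincts(&t, "64", "7", "7"));
    return 0;
}
```

Without the first bound, a level count larger than the array capacity would let the loop write input-derived exponent values past the end of both arrays, which is the overflow pattern the description reports.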
Group     Package  Affected  Fixed     Severity  Status   Ticket
AVG-1331  jasper   2.0.19-1  2.0.24-1  Medium    Testing  FS#68889