CVE-2021-3272 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	jp2_decode in jp2/jp2_dec.c in libjasper in jasper before version 2.0.25 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1497	jasper	2.0.24-1	2.0.25-1	Medium	Fixed

References
https://github.com/jasper-software/jasper/issues/259 https://github.com/jasper-software/jasper/commit/49174ab592cdfa6f1a929a2ee3d4b4976f9459fd