CVE-2021-3272 - log

CVE-2021-3272 edited at 10 Feb 2021 08:50:44
Description
- jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
+ jp2_decode in jp2/jp2_dec.c in libjasper in jasper before version 2.0.25 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
CVE-2021-3272 edited at 27 Jan 2021 08:50:06
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
References
+ https://github.com/jasper-software/jasper/issues/259
+ https://github.com/jasper-software/jasper/commit/49174ab592cdfa6f1a929a2ee3d4b4976f9459fd
Notes
CVE-2021-3272 created at 27 Jan 2021 08:48:42