CVE-2021-3443 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.28 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1833	jasper	2.0.27-1	2.0.28-1	Low	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1939233 https://github.com/jasper-software/jasper/issues/269 https://github.com/jasper-software/jasper/files/6127314/jasper_poc_v2.026.zip https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b https://github.com/jasper-software/jasper/commit/717aeda40883b91f51161ea6c5dcac5f50ef7a59

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939233
https://github.com/jasper-software/jasper/issues/269
https://github.com/jasper-software/jasper/files/6127314/jasper_poc_v2.026.zip
https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
https://github.com/jasper-software/jasper/commit/717aeda40883b91f51161ea6c5dcac5f50ef7a59