CVE-2021-3443 log

Source
Severity Low
Remote No
Type Denial of service
Description
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.28 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
Group Package Affected Fixed Severity Status Ticket
AVG-1833 jasper 2.0.27-1 2.0.28-1 Low Fixed
References
https://bugzilla.redhat.com/show_bug.cgi?id=1939233
https://github.com/jasper-software/jasper/issues/269
https://github.com/jasper-software/jasper/files/6127314/jasper_poc_v2.026.zip
https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
https://github.com/jasper-software/jasper/commit/717aeda40883b91f51161ea6c5dcac5f50ef7a59