---

CVE-2021-3443 - log back

CVE-2021-3443 edited at 17 Apr 2021 11:23:11
Description	- A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. + A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.28 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
References	https://bugzilla.redhat.com/show_bug.cgi?id=1939233 https://github.com/jasper-software/jasper/issues/269 https://github.com/jasper-software/jasper/files/6127314/jasper_poc_v2.026.zip https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b + https://github.com/jasper-software/jasper/commit/717aeda40883b91f51161ea6c5dcac5f50ef7a59

CVE-2021-3443 edited at 24 Mar 2021 20:35:46
References	https://bugzilla.redhat.com/show_bug.cgi?id=1939233 https://github.com/jasper-software/jasper/issues/269 + https://github.com/jasper-software/jasper/files/6127314/jasper_poc_v2.026.zip https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b

CVE-2021-3443 edited at 24 Mar 2021 20:35:20

Description

- A security issue was found in jasper before 2.0.27. A NULL pointer dereference in jp2_decode in jp2_dec.c may lead to a program crash and denial of service. + A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

CVE-2021-3443 edited at 23 Mar 2021 18:55:44
Description	- A security issue was found in jasper before 2.0.26. A NULL pointer dereference in jp2_decode in jp2_dec.c may lead to a program crash and denial of service. + A security issue was found in jasper before 2.0.27. A NULL pointer dereference in jp2_decode in jp2_dec.c may lead to a program crash and denial of service.

CVE-2021-3443 edited at 16 Mar 2021 10:39:32
Severity	- Unknown + Low
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ A security issue was found in jasper before 2.0.26. A NULL pointer dereference in jp2_decode in jp2_dec.c may lead to a program crash and denial of service.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1939233 + https://github.com/jasper-software/jasper/issues/269 + https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
Notes

CVE-2021-3443 created at 16 Mar 2021 10:38:32