CVE-2021-3467 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	A NULL pointer dereference security issue was reported in JasPer 2.0.25 in the JP2 decoder. The problem is related to insufficient validation of component references from CDEF boxes in the jp2_decode() function in src/libjasper/jp2/jp2_dec.c. The issue is fixed in JasPer 2.0.26.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1692	jasper	2.0.25-1	2.0.27-1	Low	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1942097 https://github.com/jasper-software/jasper/issues/268 https://github.com/jasper-software/jasper/files/6067050/poc.zip https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b

References

https://bugzilla.redhat.com/show_bug.cgi?id=1942097
https://github.com/jasper-software/jasper/issues/268
https://github.com/jasper-software/jasper/files/6067050/poc.zip
https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b