---

CVE-2021-3467 - log back

CVE-2021-3467 edited at 24 Mar 2021 20:33:34
Severity	- Unknown + Low
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ A NULL pointer dereference security issue was reported in JasPer 2.0.25 in the JP2 decoder. The problem is related to insufficient validation of component references from CDEF boxes in the jp2_decode() function in src/libjasper/jp2/jp2_dec.c. The issue is fixed in JasPer 2.0.26.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1942097 + https://github.com/jasper-software/jasper/issues/268 + https://github.com/jasper-software/jasper/files/6067050/poc.zip + https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b

CVE-2021-3467 created at 24 Mar 2021 20:31:57
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes