MGASA-2021-0249

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0249.html

Import Source

https://advisories.mageia.org/MGASA-2021-0249.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0249

Related

Published

2021-06-13T21:32:39Z

Modified

2021-06-13T20:16:45Z

Summary

Updated jasper packages fix security vulnerabilities

Details

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened (CVE-2021-3443).

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened (CVE-2021-3467).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / jasper

Package

Name: jasper
Purl: pkg:rpm/mageia/jasper?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.27-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / mingw-jasper

Package

Name: mingw-jasper
Purl: pkg:rpm/mageia/mingw-jasper?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.27-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / jasper

Package

Name: jasper
Purl: pkg:rpm/mageia/jasper?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.27-1.mga7

Ecosystem specific

{
    "section": "core"
}