#14621 closed enhancement (fixed)

jasper-2.0.25

Reported by: Douglas R. Reno Owned by: Pierre Labastie
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version

Change History (4)

comment:1 by Pierre Labastie, 18 months ago

Owner: changed from blfs-book to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 18 months ago

Priority: normalhigh
2.0.25

    Fix memory-related bugs in the JPEG-2000 codec resulting from
    attempting to decode invalid code streams. (#264, #265)
    Fix wrong return value under some compilers (#260)
    Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)

CVE-2021-3272

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Rated as 7.1 high

Last edited 18 months ago by Pierre Labastie (previous) (diff)

comment:3 by Pierre Labastie, 18 months ago

Committed instructions at r24202. Now for the security advisory...

comment:4 by Pierre Labastie, 18 months ago

Resolution: fixed
Status: assignedclosed

Site web updated at r1708-r1709

Note: See TracTickets for help on using tickets.