Context Navigation

← Previous Ticket
Next Ticket →

#14621 closed enhancement (fixed)

jasper-2.0.25

Reported by:	Douglas R. Reno	Owned by:	Pierre Labastie
Priority:	high	Milestone:	10.1
Component:	BOOK	Version:	SVN
Severity:	normal	Keywords:
Cc:

Description

New point version

Change History (4)

comment:1 by Pierre Labastie, 3 years ago

Owner:	changed from blfs-book to Pierre Labastie
Status:	new → assigned

comment:2 by Pierre Labastie, 3 years ago

Priority:	normal → high

2.0.25

    Fix memory-related bugs in the JPEG-2000 codec resulting from
    attempting to decode invalid code streams. (#264, #265)
    Fix wrong return value under some compilers (#260)
    Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)

CVE-2021-3272

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Rated as 7.1 high

Last edited 3 years ago by Pierre Labastie (previous) (diff)

comment:3 by Pierre Labastie, 3 years ago

Committed instructions at r24202. Now for the security advisory...

comment:4 by Pierre Labastie, 3 years ago

Resolution:	→ fixed
Status:	assigned → closed

Site web updated at r1708-r1709

Note: See TracTickets for help on using tickets.

Download in other formats: