Opened 3 years ago

Closed 3 years ago

#14621 closed enhancement (fixed)


Reported by: Douglas R. Reno Owned by: Pierre Labastie
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version

Change History (4)

comment:1 by Pierre Labastie, 3 years ago

Owner: changed from blfs-book to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 3 years ago

Priority: normalhigh

    Fix memory-related bugs in the JPEG-2000 codec resulting from
    attempting to decode invalid code streams. (#264, #265)
    Fix wrong return value under some compilers (#260)
    Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)


jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Rated as 7.1 high

Last edited 3 years ago by Pierre Labastie (previous) (diff)

comment:3 by Pierre Labastie, 3 years ago

Committed instructions at r24202. Now for the security advisory...

comment:4 by Pierre Labastie, 3 years ago

Resolution: fixed
Status: assignedclosed

Site web updated at r1708-r1709

Note: See TracTickets for help on using tickets.