Opened 8 months ago

Closed 8 months ago

#14621 closed enhancement (fixed)

jasper-2.0.25

Reported by: Douglas R. Reno Owned by: Pierre Labastie
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version

Change History (4)

comment:1 by Pierre Labastie, 8 months ago

Owner: changed from blfs-book to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 8 months ago

Priority: normalhigh
2.0.25

    Fix memory-related bugs in the JPEG-2000 codec resulting from
    attempting to decode invalid code streams. (#264, #265)
    Fix wrong return value under some compilers (#260)
    Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)

CVE-2021-3272

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Rated as 7.1 high

Version 0, edited 8 months ago by Pierre Labastie (next)

comment:3 by Pierre Labastie, 8 months ago

Committed instructions at r24202. Now for the security advisory...

comment:4 by Pierre Labastie, 8 months ago

Resolution: fixed
Status: assignedclosed

Site web updated at r1708-r1709

Note: See TracTickets for help on using tickets.