PT-2021-17182 · Jasper+6 · Jasper+6

Dgh05T

Published

2021-02-09

Updated

2024-06-15

CVE-2021-26927

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: jasper versions prior to 2.0.25

Description: A flaw was found in the jasper software, where a null pointer dereference in jp2 decode in jp2 dec.c may lead to a program crash and denial of service.

Recommendations: For versions prior to 2.0.25, update to version 2.0.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the jp2 decode function in jp2 dec.c to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:4235

ALT-PU-2021-1241

AZL-6492

CESA-2021_4235

CVE-2021-26927

MGASA-2021-0113

OPENSUSE-SU-2022_1479-1

OPENSUSE-SU-2024:13389-1

RHSA-2021:4235

RHSA-2021_4235

RLSA-2021:4235

SUSE-SU-2022:1475-1

SUSE-SU-2022:1479-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Jasper

PT-2021-17182 · Jasper+6 · Jasper+6

CVE-2021-26927

Weakness Enumeration

Related Identifiers

Affected Products

References · 46