PT-2021-19883 · Jasper+6

Kaka201 +1

Published: 2021-01-27 · Updated: 2024-06-15 · CVE-2021-3272

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

JasPer version 2.0.24

Description

The issue arises from a heap-based buffer over-read in the jp2_decode function, located in jp2/jp2_dec.c of the libjasper library in JasPer. This occurs when there is an invalid relationship between the number of channels and the number of image components.

Recommendations

For JasPer version 2.0.24, consider applying a patch or update that fixes the jp2_decode function to prevent the heap-based buffer over-read. As a temporary workaround, restrict the use of the jp2_decode function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2021:4235
ALT-PU-2021-1241
AZL-6493
CESA-2021_4235
CVE-2021-3272
MGASA-2021-0113
OPENSUSE-SU-2021:0303-1
OPENSUSE-SU-2021_0303-1
OPENSUSE-SU-2024:10869-1
RHSA-2021:4235
RHSA-2021_4235
RLSA-2021:4235
SUSE-SU-2021:0488-1
SUSE-SU-2021:0489-1
SUSE-SU-2021:14627-1
SUSE-SU-2021_14627-1

Affected Products

Alt Linux
Almalinux
Centos
Jasper
Red Hat
Rocky Linux
Suse