Advisories » MGASA-2020-0463

Updated jasper packages fix security vulnerability

Publication date: 17 Dec 2020
Modification date: 17 Dec 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-27828

Description

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27842
• https://github.com/jasper-software/jasper/releases/tag/version-2.0.23
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828

SRPMS

7/core

• jasper-2.0.23-1.mga7