Updated jasper packages fix security vulnerability
Publication date: 17 Dec 2020Modification date: 17 Dec 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-27828
Description
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability (CVE-2020-27828).
References
SRPMS
7/core
- jasper-2.0.23-1.mga7