Advisories ยป MGASA-2021-0249

Updated jasper packages fix security vulnerabilities

Publication date: 13 Jun 2021
Modification date: 13 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-3443 , CVE-2021-3467

Description

A NULL pointer dereference flaw was found in the way Jasper versions before 
2.0.27 handled component references in the JP2 image format decoder. A 
specially crafted JP2 image file could cause an application using the Jasper 
library to crash when opened (CVE-2021-3443).

A NULL pointer dereference flaw was found in the way Jasper versions before 
2.0.26 handled component references in CDEF box in the JP2 image format 
decoder. A specially crafted JP2 image file could cause an application using 
the Jasper library to crash when opened (CVE-2021-3467).
                

References

SRPMS

7/core

8/core