CVE-2021-26926

Name

CVE-2021-26926

Description

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Exploit	https://github.com/jasper-software/jasper/issues/264
Patch	https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:jasper_project:jasper::::::::`	jasper	>= None	< 2.0.25

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
jasper	3.10-main	2.0.16-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable