Your submission was sent successfully! Close

CVE-2021-3467

Published: 25 March 2021

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
jasper
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (2.0.26)
xenial Needs triage

Patches:
upstream: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b