CVE-2021-3272

Опубликовано: 27 янв. 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	jasper	Out of support scope
Red Hat Enterprise Linux 7	jasper	Out of support scope
Red Hat Enterprise Linux 9	jasper	Not affected
Red Hat Enterprise Linux 8	jasper	Fixed	RHSA-2021:4235	09.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1921325jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c

EPSS

Процентиль: 22%

0.00071

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-3272

CVSS3: 5.5

ubuntu

больше 4 лет назад

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

CVE-2021-3272

CVSS3: 5.5

nvd

больше 4 лет назад

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

CVE-2021-3272

CVSS3: 5.5

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-3272

CVSS3: 5.5

debian

больше 4 лет назад

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...

GHSA-g2j5-mv4m-h6rc

github

около 3 лет назад

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

EPSS

Процентиль: 22%

0.00071

Низкий

5.5 Medium

CVSS3