Описание
Security update for jasper
This update for jasper fixes the following issues:
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
- bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
jasper-2.0.14-lp152.7.6.1
libjasper-devel-2.0.14-lp152.7.6.1
libjasper4-2.0.14-lp152.7.6.1
libjasper4-32bit-2.0.14-lp152.7.6.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0303-1
- SUSE Security Ratings
- SUSE Bug 1179748
- SUSE Bug 1181483
- SUSE CVE CVE-2020-27828 page
- SUSE CVE CVE-2021-3272 page
Описание
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
Затронутые продукты
openSUSE Leap 15.2:jasper-2.0.14-lp152.7.6.1
openSUSE Leap 15.2:libjasper-devel-2.0.14-lp152.7.6.1
openSUSE Leap 15.2:libjasper4-2.0.14-lp152.7.6.1
openSUSE Leap 15.2:libjasper4-32bit-2.0.14-lp152.7.6.1
Ссылки
- CVE-2020-27828
- SUSE Bug 1179748
Описание
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
Затронутые продукты
openSUSE Leap 15.2:jasper-2.0.14-lp152.7.6.1
openSUSE Leap 15.2:libjasper-devel-2.0.14-lp152.7.6.1
openSUSE Leap 15.2:libjasper4-2.0.14-lp152.7.6.1
openSUSE Leap 15.2:libjasper4-32bit-2.0.14-lp152.7.6.1
Ссылки
- CVE-2021-3272
- SUSE Bug 1181483