{"id":"CVE-2021-26927","details":"A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.","modified":"2026-04-11T13:54:02.656764Z","published":"2021-02-23T20:15:12.040Z","related":["ALSA-2021:4235","MGASA-2021-0113","SUSE-SU-2022:1475-1","SUSE-SU-2022:1479-1","openSUSE-SU-2024:13389-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/"},{"type":"FIX","url":"https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"},{"type":"FIX","url":"https://github.com/jasper-software/jasper/issues/265"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"41f214b121b837fa30d9ca5f2430212110f5cd9b"}]},{"type":"GIT","repo":"https://github.com/mdadams/jasper","events":[{"introduced":"0"},{"fixed":"9092dcb7f7680204ef523c73eb6132162b4358e3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.25"}]}}],"versions":["mdadams-clang-issue","version-1.900.1","version-1.900.10","version-1.900.11","version-1.900.12","version-1.900.13","version-1.900.14","version-1.900.15","version-1.900.16","version-1.900.17","version-1.900.18","version-1.900.19","version-1.900.2","version-1.900.20","version-1.900.21","version-1.900.22","version-1.900.23","version-1.900.24","version-1.900.25","version-1.900.26","version-1.900.27","version-1.900.28","version-1.900.29","version-1.900.3","version-1.900.30","version-1.900.31","version-1.900.4","version-1.900.5","version-1.900.6","version-1.900.7","version-1.900.8","version-1.900.9","version-2.0.0","version-2.0.0-beta.1","version-2.0.0-beta.2","version-2.0.1","version-2.0.10","version-2.0.11","version-2.0.12","version-2.0.13","version-2.0.14","version-2.0.15","version-2.0.16","version-2.0.19","version-2.0.2","version-2.0.20","version-2.0.21","version-2.0.21-rc1","version-2.0.22","version-2.0.22-rc1","version-2.0.23","version-2.0.24","version-2.0.3","version-2.0.4","version-2.0.5","version-2.0.6","version-2.0.7","version-2.0.8","version-2.0.9"],"database_specific":{"vanir_signatures_modified":"2026-04-11T13:54:02Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"vanir_signatures":[{"signature_type":"Function","digest":{"length":7810,"function_hash":"104658908491814254447893030759417972976"},"deprecated":false,"target":{"file":"src/libjasper/jp2/jp2_dec.c","function":"jp2_decode"},"id":"CVE-2021-26927-95631d3e","signature_version":"v1","source":"https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["37282694533761302116802108650520595363","147529930043291030550087553915600239668","189079427666211721751121033812324067189","77790122535074884709300265317085895294","23354424263111667863453999980676797776","311255358975858888072841002909184452500","176833003657040924243862604330088815607","292498377479664768969595146109554180099","323765189692149368548278767413547781996","97936909428942734310248318707262620813","309681511410682455677219176512806334061","115607947608331512562251446735731152318","58577078750014193177816355173738528683","159996541732806375658877582241863132140","27811886312958875502412922841500785403","59448957275030941935261678213988032535","204781337906295894512732919527123125174","291804061462942006508656262164997549936"]},"deprecated":false,"target":{"file":"src/libjasper/jp2/jp2_dec.c"},"id":"CVE-2021-26927-d159c612","signature_version":"v1","source":"https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26927.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}