{"id":"MGASA-2021-0113","summary":"Updated jasper packages fix security vulnerability","details":"jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based\nbuffer over-read when there is an invalid relationship between the number of\nchannels and the number of image components (CVE-2021-3272).\n\nA flaw was found in jasper. An out of bounds read issue was found in jp2_decode\nfunction which may lead to disclosure of information or program crash\n(CVE-2021-26926).\n\nA flaw was found in jasper. A null pointer dereference in jp2_decode in\njp2_dec.c may lead to program crash and denial of service (CVE-2021-26927).\n","modified":"2026-02-04T03:59:24.898241Z","published":"2021-03-04T16:53:32Z","related":["CVE-2021-26926","CVE-2021-26927","CVE-2021-3272"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0113.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28318"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZSE7IN2V4KAQDTSMRIVDIHQ6XXFC4AUH/"}],"affected":[{"package":{"name":"jasper","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/jasper?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.25-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0113.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}