RLSA-2021:4235 --- jasperID: oval:org.secpod.oval:def:4501266 | Date: (C)2023-04-03 (M)2023-12-20 |
Class: PATCH | Family: unix |
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: * jasper: Heap-based buffer overflow in cp_create in jpc_enc.c * jasper: Heap-based buffer over-read in jp2_decode in jp2_dec.c * jasper: Out of bounds read in jp2_decode in jp2_dec.c * jasper: NULL pointer dereference in jp2_decode in jp2_dec.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.