jasper-4.0.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13389 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z jasper-4.0.0-2.1 on GA media These are all security issues fixed in the jasper-4.0.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13389 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13389 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-26926/ SUSE CVE CVE-2021-26926 page https://www.suse.com/security/cve/CVE-2021-26927/ SUSE CVE CVE-2021-26927 page https://www.suse.com/security/cve/CVE-2021-27845/ SUSE CVE CVE-2021-27845 page https://www.suse.com/security/cve/CVE-2021-3443/ SUSE CVE CVE-2021-3443 page https://www.suse.com/security/cve/CVE-2021-3467/ SUSE CVE CVE-2021-3467 page openSUSE Tumbleweed jasper-4.0.0-2.1 libjasper-devel-4.0.0-2.1 libjasper7-4.0.0-2.1 libjasper7-32bit-4.0.0-2.1 jasper-4.0.0-2.1 as a component of openSUSE Tumbleweed libjasper-devel-4.0.0-2.1 as a component of openSUSE Tumbleweed libjasper7-4.0.0-2.1 as a component of openSUSE Tumbleweed libjasper7-32bit-4.0.0-2.1 as a component of openSUSE Tumbleweed A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. CVE-2021-26926 openSUSE Tumbleweed:jasper-4.0.0-2.1 openSUSE Tumbleweed:libjasper-devel-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-32bit-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-4.0.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26926.html CVE-2021-26926 https://bugzilla.suse.com/1182105 SUSE Bug 1182105 A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. CVE-2021-26927 openSUSE Tumbleweed:jasper-4.0.0-2.1 openSUSE Tumbleweed:libjasper-devel-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-32bit-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-4.0.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26927.html CVE-2021-26927 https://bugzilla.suse.com/1182104 SUSE Bug 1182104 A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c CVE-2021-27845 openSUSE Tumbleweed:jasper-4.0.0-2.1 openSUSE Tumbleweed:libjasper-devel-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-32bit-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-4.0.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-27845.html CVE-2021-27845 https://bugzilla.suse.com/1188437 SUSE Bug 1188437 A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. CVE-2021-3443 openSUSE Tumbleweed:jasper-4.0.0-2.1 openSUSE Tumbleweed:libjasper-devel-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-32bit-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-4.0.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3443.html CVE-2021-3443 https://bugzilla.suse.com/1184798 SUSE Bug 1184798 A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. CVE-2021-3467 openSUSE Tumbleweed:jasper-4.0.0-2.1 openSUSE Tumbleweed:libjasper-devel-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-32bit-4.0.0-2.1 openSUSE Tumbleweed:libjasper7-4.0.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3467.html CVE-2021-3467 https://bugzilla.suse.com/1184757 SUSE Bug 1184757