JasPer Project JasPer 2.0.21 Release Candidate 1

CPE Details

JasPer Project JasPer 2.0.21 Release Candidate 1
jasper_project
jasper
2.0.21
2021-09-07
12h27 +00:00
2021-09-07
13h11 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jasper_project:jasper:2.0.21:rc1:*:*:*:*:*:*

Informations

Vendor

jasper_project

Product

jasper

Version

2.0.21

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-51257 2024-01-15 23h00 +00:00 An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
7.8
High
CVE-2021-3467 2021-03-25 17h45 +00:00 A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
5.5
Medium
CVE-2021-3443 2021-03-25 17h45 +00:00 A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
5.5
Medium
CVE-2021-26927 2021-02-23 18h03 +00:00 A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
5.5
Medium
CVE-2021-26926 2021-02-23 16h43 +00:00 A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
7.1
High
CVE-2020-27828 2020-12-11 02h07 +00:00 There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.