CVE-2021-26926
First published: Thu Jan 28 2021(Updated: )
A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jasper | <2.0.25 | 2.0.25 |
| Jasper Project Jasper | <2.0.25 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
- https://github.com/jasper-software/jasper/issues/264
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1922320
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1922319
- https://access.redhat.com/errata/RHSA-2021:4235
- https://access.redhat.com/security/cve/cve-2021-26926
- https://bugzilla.redhat.com/show_bug.cgi?id=1921426
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/
Frequently Asked Questions
What is the vulnerability ID for this flaw in jasper?
The vulnerability ID for this flaw in jasper is CVE-2021-26926.
What is the severity of CVE-2021-26926?
The severity of CVE-2021-26926 is high, with a severity value of 7.1.
How does the flaw in jasper before 2.0.25 affect the software?
The flaw in jasper before 2.0.25 can lead to disclosure of information or program crash.
How can I fix the vulnerability CVE-2021-26926?
To fix the vulnerability CVE-2021-26926, you should update jasper to version 2.0.25 or newer.
Where can I find more information about CVE-2021-26926?
You can find more information about CVE-2021-26926 in the following references: [Link 1](https://github.com/jasper-software/jasper/issues/264), [Link 2](https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b), and [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1922320).
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-26926
- agent/software-canonical-lookup
- agent/author
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/jasper project
- canonical/jasper project jasper
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- package-manager/redhat