Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2021-2387)

The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2021-2387 advisory.

A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function which may lead to disclosure of information or program crash.(CVE-2021-26926) The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-5503) The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.(CVE-2017-5504) The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.(CVE-2017-5505) A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.(CVE-2021-3443) A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.(CVE-2021-3467)

'jasper' package(s) on Huawei EulerOS V2.0SP2.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).