CVE-2021-3272 – jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c
https://notcve.org/view.php?id=CVE-2021-3272
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

• https://github.com/jasper-software/jasper/issues/259
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BZFU2F6UW4L2FJE65WJLWGUIELDWCL7
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD2Y2LT4N5ZWCMKYCUIKB3XODNJLOW3J
• https://access.redhat.com/security/cve/CVE-2021-3272
• https://bugzilla.redhat.com/show_bug.cgi?id=1921325
• CWE-125: Out-of-bounds Read