A NULL pointer dereference security issue was reported in JasPer 2.0.25 in the JP2 decoder. The problem is related to insufficient validation of component references from CDEF boxes in the jp2_decode() function in src/libjasper/jp2/jp2_dec.c. The issue is fixed in JasPer 2.0.26.
A NULL pointer dereference security issue was reported in JasPer 2.0.25 in the JP2 decoder. The problem is related to insufficient validation of component references from CDEF boxes in the jp2_decode() function in src/libjasper/jp2/jp2_dec.c. The issue is fixed in JasPer 2.0.26.
https://bugzilla.redhat.com/show_bug.cgi?id=1942097 https://github.com/jasper-software/jasper/issues/268 https://github.com/jasper-software/jasper/files/6067050/poc.zip https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b