Published: 25/03/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

A NULL pointer dereference flaw was found in the way Jasper versions prior to 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jasper project jasper
fedoraproject fedora 34

A flaw was found in the Jasper tool's jpc encoder This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (CVE-2020-27828) A flaw was found in jasper before 2025 An out of bounds read is ...

No description is available for this CVE ...

A NULL pointer dereference security issue was reported in JasPer 2025 in the JP2 decoder The problem is related to insufficient validation of component references from CDEF boxes in the jp2_decode() function in src/libjasper/jp2/jp2_decc The issue is fixed in JasPer 2026 ...

CWE-476 https://bugzilla.redhat.com/show_bug.cgi?id=1942097 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWAIUFNIUCGS2IMGGDTWZIUIY7BNLGKF/https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2018.html

CVE-2021-3467

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect