Bug 1921428 (CVE-2021-26927)

Summary: CVE-2021-26927 jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erik-fedora, jridky, kaycoth, manisandro, mike, rh-spice-bugs, rjones, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: jasper 2.0.25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-10 02:21:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1922492, 1922493, 1922494, 1933860, 1933861    
Bug Blocks: 1921429, 1926851    

Description Pedro Sampaio 2021-01-28 00:58:03 UTC 
A flaw was found in jasper. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

Upstream issue:

https://github.com/jasper-software/jasper/issues/265

Upstream patch:

https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
Comment 1 Tomas Hoger 2021-01-29 21:45:52 UTC 
Public now via upstream bug report:

https://github.com/jasper-software/jasper/issues/265
Comment 3 Tomas Hoger 2021-01-29 21:53:07 UTC 
Created jasper tracking bugs for this issue:

Affects: fedora-all [bug 1922494]


Created mingw-jasper tracking bugs for this issue:

Affects: fedora-all [bug 1922493]
Comment 6 Tomas Hoger 2021-03-23 16:26:17 UTC 
Note that the fist Jasper version that crashes with the reproducer included in the upstream bug report is 2.0.20.  However, the problem exists in earlier versions as well.  More detailed analysis can be found in the upstream issue:

https://github.com/jasper-software/jasper/issues/269#issuecomment-804423097
Comment 8 errata-xmlrpc 2021-11-09 17:51:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4235 https://access.redhat.com/errata/RHSA-2021:4235
Comment 9 Product Security DevOps Team 2021-11-10 02:21:47 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-26927