Bug 1942097 (CVE-2021-3467) - CVE-2021-3467 jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c
Summary: CVE-2021-3467 jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c
Keywords:
Status: NEW
Alias: CVE-2021-3467
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Severity: medium
Priority: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1942098 1942099 1942100 1942101 1942102
Blocks: 1939236 1942703
Reported: 2021-03-23 16:18 UTC by Tomas Hoger
Modified: 2023-07-07 08:31 UTC (History)

Fixed In Version: jasper 2.0.26
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Tomas Hoger 2021-03-23 16:18:11 UTC
A NULL pointer dereference flaw was reported in Jasper 2.0.25 in the JP2 decoder.  The problem is related to insufficient validation of component references from CDEF boxes in the jp2_decode() function in src/libjasper/jp2/jp2_dec.c.

Upstream issue:
https://github.com/jasper-software/jasper/issues/268

Upstream patch:
https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b

The fix was applied in version 2.0.26.
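To illustrate the class of check the description refers to, here is an added example (not Jasper's code and not the upstream patch): a minimal parser for the JP2 CDEF box payload that refuses any entry whose channel index is not below the number of image components, instead of using that attacker-controlled index to look up a per-component table. The CDEF layout (16-bit entry count, then 16-bit Cn/Typ/Asoc per entry, big-endian) follows the JP2 specification; the sample boxes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One CDEF entry: channel index Cn, channel type Typ, association Asoc. */
typedef struct { uint16_t channo, type, assoc; } cdef_entry_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse a CDEF payload and validate every channel index against numcomps,
 * the component count already known from the codestream header.
 * Returns the entry count on success, -1 on a truncated box, -2 when an
 * entry references a component that does not exist. When out is non-NULL,
 * up to max_out validated entries are copied into it. */
int cdef_parse_checked(const uint8_t *buf, size_t len, unsigned numcomps,
                       cdef_entry_t *out, size_t max_out)
{
    if (len < 2) return -1;
    uint16_t n = rd16(buf);
    if (len < 2u + 6u * (size_t)n) return -1;      /* entries must fit the box */
    if (out && n > max_out) return -1;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *p = buf + 2 + 6 * i;
        cdef_entry_t e = { rd16(p), rd16(p + 2), rd16(p + 4) };
        /* The bound the description says was missing: without it, e.channo is
         * used as an index into a table with only numcomps valid slots. */
        if (e.channo >= numcomps) return -2;
        if (out) out[i] = e;
    }
    return n;
}

/* Constructed sample: two entries for a 2-component image (Cn 0 and 1). */
static const uint8_t good_cdef[] = {0,2, 0,0, 0,0, 0,1,  0,1, 0,0, 0,2};
/* Constructed sample: second entry references component 7 of a 2-component image. */
static const uint8_t bad_cdef[]  = {0,2, 0,0, 0,0, 0,1,  0,7, 0,0, 0,2};

int main(void)
{
    cdef_entry_t ents[4];
    printf("good: %d\n", cdef_parse_checked(good_cdef, sizeof good_cdef, 2, ents, 4));
    printf("bad:  %d\n", cdef_parse_checked(bad_cdef, sizeof bad_cdef, 2, ents, 4));
    return 0;
}
```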

Comment 1 Tomas Hoger 2021-03-23 16:21:34 UTC
Created jasper tracking bugs for this issue:

Affects: fedora-all [bug 1942098]


Created mingw-jasper tracking bugs for this issue:

Affects: fedora-all [bug 1942099]

Comment 2 Tomas Hoger 2021-03-23 16:29:07 UTC
Note that the first Jasper version that crashes with the reproducer included in the upstream bug report is 2.0.20.  However, the problem exists in earlier versions as well.  More detailed analysis can be found in the upstream issue:

https://github.com/jasper-software/jasper/issues/269#issuecomment-804423097
