CVE-2021-26926

一、漏洞信息
 漏洞编号：[CVE-2021-26926](https://nvd.nist.gov/vuln/detail/CVE-2021-26926)
 漏洞归属组件：[jasper](https://gitee.com/src-openeuler/jasper)
 漏洞归属的版本：2.0.14
 CVSS V3.0分值：
  BaseScore：7.1 High
  Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
 漏洞简述：
  A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
 漏洞公开时间：2021-02-24 02:15
 漏洞创建时间：2021-03-01 22:00:37
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2021-26926
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| github | https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b |  |
| github |  https://github.com/jasper-software/jasper/issues/264 |  |
| lists |  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/ |  |
| lists |  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/ |  |
| lists |  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/ |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
                                  A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.                
 openEuler评分：
  7.1
 Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.09(2.0.14):不受影响
2.openEuler-24.03-LTS(4.1.0):不受影响
3.master(4.2.5):
4.openEuler-20.03-LTS-SP4(2.0.14):
5.openEuler-22.03-LTS-SP1:
6.openEuler-22.03-LTS-SP3:
7.openEuler-22.03-LTS-SP4(4.1.0):
8.openEuler-24.03-LTS-Next(4.1.0):
9.openEuler-24.03-LTS-SP2(4.1.0):

修复是否涉及abi变化(是/否)：
  1.master(4.2.5):否
2.openEuler-20.03-LTS-SP1(2.0.14):否
3.openEuler-20.03-LTS-SP4(2.0.14):否
4.openEuler-22.03-LTS:否
5.openEuler-22.03-LTS-Next(4.1.0):否
6.openEuler-22.03-LTS-SP1:否
7.openEuler-22.03-LTS-SP2:否
8.openEuler-22.03-LTS-SP3:否
9.openEuler-24.03-LTS(4.1.0):否
10.openEuler-24.03-LTS-SP2(4.1.0):

原因说明：
  1.master(4.2.5):
2.openEuler-20.03-LTS-SP4(2.0.14):
3.openEuler-22.03-LTS-SP3:
4.openEuler-22.03-LTS-SP4(4.1.0):
5.openEuler-24.03-LTS(4.1.0):
6.openEuler-24.03-LTS-Next(4.1.0):
7.openEuler-24.03-LTS-SP1(4.1.0):
8.openEuler-24.03-LTS-SP2(4.1.0):

src-openEuler/jasper

内容风险标识

评论 (6)

src-openEuler/jasper .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2021-26926

评论 (6)

搜索帮助

src-openEuler/jasper