{"id":"CVE-2021-26926","details":"A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.","modified":"2026-05-19T00:03:02.421157Z","published":"2021-02-23T18:15:14.053Z","related":["ALSA-2021:4235","SUSE-SU-2022:1475-1","SUSE-SU-2022:1479-1","openSUSE-SU-2024:13389-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"32"},{"last_affected":"33"},{"last_affected":"34"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/"},{"type":"REPORT","url":"https://github.com/jasper-software/jasper/issues/264"},{"type":"FIX","url":"https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"9092dcb7f7680204ef523c73eb6132162b4358e3"},{"fixed":"41f214b121b837fa30d9ca5f2430212110f5cd9b"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.0.25"}],"cpe":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*"}}],"versions":["version-2.0.24","version-2.0.23","version-2.0.22-rc1","version-2.0.22","version-2.0.21-rc1","version-2.0.21","version-2.0.20","version-2.0.19","version-2.0.16","version-2.0.15","version-2.0.14","version-2.0.13","version-2.0.12","version-2.0.11","version-2.0.10","version-2.0.9","version-2.0.8","version-2.0.7","version-2.0.6","version-2.0.5","version-2.0.4","version-2.0.3","version-2.0.2","version-2.0.1","version-2.0.0","version-2.0.0-beta.2","version-2.0.0-beta.1","version-1.900.31","version-1.900.30","version-1.900.29","version-1.900.28","version-1.900.27","version-1.900.26","version-1.900.25","version-1.900.24","version-1.900.23","version-1.900.22","version-1.900.21","version-1.900.20","version-1.900.19","mdadams-clang-issue","version-1.900.18","version-1.900.17","version-1.900.16","version-1.900.15","version-1.900.14","version-1.900.13","version-1.900.12","version-1.900.11","version-1.900.10","version-1.900.9","version-1.900.8","version-1.900.7","version-1.900.6","version-1.900.5","version-1.900.4","version-1.900.3","version-1.900.2","version-1.900.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-26926.json","vanir_signatures":[{"target":{"function":"jp2_decode","file":"src/libjasper/jp2/jp2_dec.c"},"source":"https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b","deprecated":false,"id":"CVE-2021-26926-95631d3e","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"104658908491814254447893030759417972976","length":7810}},{"target":{"file":"src/libjasper/jp2/jp2_dec.c"},"source":"https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b","deprecated":false,"id":"CVE-2021-26926-d159c612","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["37282694533761302116802108650520595363","147529930043291030550087553915600239668","189079427666211721751121033812324067189","77790122535074884709300265317085895294","23354424263111667863453999980676797776","311255358975858888072841002909184452500","176833003657040924243862604330088815607","292498377479664768969595146109554180099","323765189692149368548278767413547781996","97936909428942734310248318707262620813","309681511410682455677219176512806334061","115607947608331512562251446735731152318","58577078750014193177816355173738528683","159996541732806375658877582241863132140","27811886312958875502412922841500785403","59448957275030941935261678213988032535","204781337906295894512732919527123125174","291804061462942006508656262164997549936"]}}],"vanir_signatures_modified":"2026-05-19T00:03:02Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}