jasper-1.900.1-33.0.2.el7.AXS7

エラータID: AXSA:2025-10995:02

Release date: 
Tuesday, October 28, 2025 - 09:48
Subject: 
jasper-1.900.1-33.0.2.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

This package contains an implementation of the image compression
standard JPEG-2000, Part 1. It consists of tools for conversion to and
from the JP2 and JPC formats.

Security Fix(es):

* CVE-2025-8837: fix use-after-free vulnerability in jpc_dec_dump()

CVE(s):
CVE-2025-8837
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.

Solution: 

Update packages.

CVEs: 
CVE-2025-8837
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. jasper-libs-1.900.1-33.0.2.el7.AXS7.i686.rpm
    MD5: fdf7b97fa08c056739e4bb47a0025a19
    SHA-256: 6425b654d0f6656ffbda65d705ba419f9925041914c0d2dd1dd007f00504e708
    Size: 147.32 kB
  2. jasper-libs-1.900.1-33.0.2.el7.AXS7.x86_64.rpm
    MD5: 1daad8c6c936d3f12bae7d9f3a9c6471
    SHA-256: f162796e0c6927fb5ab9024075e78ec0c64765c233bd0ff3221c5fa2b051019e
    Size: 150.00 kB