jasper-1.900.1-33.0.4.el7.AXS7

エラータID: AXSA:2025-11014:03

Release date: 
Tuesday, November 4, 2025 - 16:02
Subject: 
jasper-1.900.1-33.0.4.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

This package contains an implementation of the image compression
standard JPEG-2000, Part 1. It consists of tools for conversion to and
from the JP2 and JPC formats.

Security Fix(es):

* CVE-2025-8836: fix manipulation in function jpc_floorlog2 to prevent
reachable assertion

CVE(s):
CVE-2025-8836
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.
CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.

Solution: 

Update packages.

CVEs: 
CVE-2025-8835
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
CVE-2025-8836
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. jasper-libs-1.900.1-33.0.4.el7.AXS7.i686.rpm
    MD5: a4343796884912d83b5ec4e7d9d95909
    SHA-256: 69d9569ccd0f1a026f3264e0ed4add9edb8248be7bda58cf4b645d6dc6751b0a
    Size: 147.96 kB
  2. jasper-libs-1.900.1-33.0.4.el7.AXS7.x86_64.rpm
    MD5: 24751bb0a7eaf51b787f464265007384
    SHA-256: 079ed9241e2b9f414840cdfa0cf037f9849a25b06b5ddb0dc8c820c404098ad9
    Size: 150.59 kB