Search for vulnerabilities
Vulnerability details: VCID-txtx-rquq-yyat
Vulnerability ID VCID-txtx-rquq-yyat
Aliases CVE-2021-26927
Summary A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-476 NULL Pointer Dereference
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26927.json
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2021-26927
cvssv3.1 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26927
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26927
archlinux Medium https://security.archlinux.org/AVG-1497
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26927.json
https://api.first.org/data/v1/epss?cve=CVE-2021-26927
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
https://github.com/jasper-software/jasper/issues/265
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSXESYUHMO522Z3RHXOQ2SJNWP3XTO67/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYVCFVTVPL66OS7LCNLUSYCMYQAVWXMM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRZFZSJ4UVLLMXSKHR455TAC2SD3TOHI/
1921428 https://bugzilla.redhat.com/show_bug.cgi?id=1921428
AVG-1497 https://security.archlinux.org/AVG-1497
cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-26927 https://nvd.nist.gov/vuln/detail/CVE-2021-26927
RHSA-2021:4235 https://access.redhat.com/errata/RHSA-2021:4235
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26927.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-26927
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-26927
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22844
EPSS Score 0.00073
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T10:16:00.930034+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2021-26927 37.0.0