Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE Leap 16.0 jasper Moderate Memory Access Issues 2026-20138-1

opensuse
Calendar Grey February 3, 2026
Dist Opensuse Esm H88
Install the latest openSUSE jasper security update that addresses three vulnerabilities and fixes. Get patched now!
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description

This update for jasper fixes the following issues:

Update to 4.2.8:

- CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901).

- CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902).

- CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-223=1

Patch

Package List

- openSUSE Leap 16.0:

jasper-4.2.8-160000.1.1

libjasper-devel-4.2.8-160000.1.1

libjasper7-4.2.8-160000.1.1

References

* bsc#1247901

* bsc#1247902

* bsc#1247904

References:

* https://www.suse.com/security/cve/CVE-2025-8835.html

* https://www.suse.com/security/cve/CVE-2025-8836.html

* https://www.suse.com/security/cve/CVE-2025-8837.html

Announcement ID: openSUSE-SU-2026:20138-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here