File _patchinfo of Package patchinfo.41419
<patchinfo incident="41419">
  <issue tracker="bnc" id="1247901">VUL-0: CVE-2025-8837: jasper: use-after-free in function jpc_dec_dump file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler</issue>
  <issue tracker="bnc" id="1247904">VUL-0: CVE-2025-8835: jasper: out-of-bounds array indexing in function jas_image_chclrspc of file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler</issue>
  <issue tracker="bnc" id="1218802">VUL-0: CVE-2023-51257: jasper: invalid memory write on jas_icctxt_input in jas_icc.c</issue>
  <issue tracker="bnc" id="1247902">VUL-0: CVE-2025-8836: jasper: assertion failure in the jpc_floorlog2 function can be triggered through the use of malformed codec options</issue>
  <issue tracker="cve" id="2025-8837"/>
  <issue tracker="cve" id="2023-51257"/>
  <issue tracker="cve" id="2025-8835"/>
  <issue tracker="cve" id="2025-8836"/>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for jasper</summary>
  <description>This update for jasper fixes the following issues:

- Update to 4.2.8:
  - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901).
  - CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902).
  - CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904).
  - CVE-2023-51257: Fixed invalid memory write bug (bsc#1218802).
</description>
</patchinfo>