Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2026:20200-1

SUSE-SU-2026:20200-1

UNKNOWN

Security update for jasper

Published Jan 30, 2026

Modified 1 months ago

Fix available

Details

This update for jasper fixes the following issues:

Update to 4.2.8:

CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901).
CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902).
CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904).

Affected Packages

jasper

SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP applications 16.0

Fixed in:

4.2.8-160000.1.1

libjasper7

SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP applications 16.0

Fixed in:

4.2.8-160000.1.1

References

https://bugzilla.suse.com/1247901

https://bugzilla.suse.com/1247902

https://bugzilla.suse.com/1247904

https://www.suse.com/security/cve/CVE-2025-8835

https://www.suse.com/security/cve/CVE-2025-8836

https://www.suse.com/security/cve/CVE-2025-8837

https://www.suse.com/support/update/announcement/2026/suse-su-202620200-1/

Upstream

CVE-2025-8835 CVE-2025-8836 CVE-2025-8837

Related

CVE-2025-8835 CVE-2025-8836 CVE-2025-8837

Ecosystems

SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0

Timeline

PublishedJan 30, 2026

ModifiedJan 30, 2026

SUSE-SU-2026:20200-1 | Mondoo Vulnerability Intelligence