CVE-2007-2721 — Jpeg-2000 vulnerability

11 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

10.1%

top 6.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Jasper Jpeg-2000

Timeline

PublishedMay 16

Latest updateMay 1

Description

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDjasper_jpeg-2000/jasper_jpeg-20001.701.1

▶Debianartifex/ghostscript< 8.61.dfsg.1~svn8187-1.1+3

🔴Vulnerability Details

GHSA

GHSA-9pv6-4w7h-vppx: The jpc_qcx_getcompparms function in jpc/jpc_cs↗2022-05-01

▶

CVEList

CVE-2007-2721: The jpc_qcx_getcompparms function in jpc/jpc_cs↗2007-05-16

▶

OSV

CVE-2007-2721: The jpc_qcx_getcompparms function in jpc/jpc_cs↗2007-05-16

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerability↗2007-10-22

▶

Ubuntu

jasper vulnerability↗2007-08-21

▶

Red Hat

jasper: crash in jpc_qcx_getcompparms↗2007-03-01

▶

Debian

CVE-2007-2721: ghostscript - The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 libra...↗2007

▶

💬Community

Bugzilla

CVE-2007-2721 jasper: crash in jpc_qcx_getcompparms↗2007-10-23

▶

Bugzilla

CVE-2007-2721 jasper crash in jpc_qcx_getcompparms [Fdevel]↗2007-10-23

▶

Bugzilla

CVE-2007-2721: jasper DoS, heap corruption↗2007-05-17

▶