CVE-2008-3520

Severity: 9.3 CRITICAL
EPSS: 3.0% (top 13.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 2
Latest update: May 2

Description

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

Debian: ghostscript < 8.64~dfsg-2+3

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-83j4-67f2-p565: Multiple integer overflows in JasPer 1 (2022-05-02)
CVEList
CVE-2008-3520: Multiple integer overflows in JasPer 1 (2008-10-02)
OSV
CVE-2008-3520: Multiple integer overflows in JasPer 1 (2008-10-02)

📋 Vendor Advisories (5)

Red Hat
jasper: integer overflow in the jas_matrix_create() function (2015-12-24)
Ubuntu
Ghostscript vulnerabilities (2012-01-04)
Ubuntu
JasPer vulnerabilities (2009-03-19)
Red Hat
jasper: multiple integer overflows in jas_alloc calls (2008-09-08)
Debian
CVE-2008-3520: ghostscript - Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attac... (2008)

💬 Community (2)

Bugzilla
CVE-2008-3520 CVE-2008-3522 Multiple jasper vulnerabilities (2009-10-22)
Bugzilla
CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (2008-09-08)