CVE-2008-3521 — Link Following in Project Jasper

CWE-59 — Link Following7 documents6 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 88.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedOct 2
Latest updateMay 2

Description

Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

â–¶NVDjasper_project/jasper1.900.1

🔴Vulnerability Details

2
GHSA
GHSA-vjjh-7673-9x6q: Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream↗2022-05-02
â–¶
CVEList
CVE-2008-3521: Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream↗2008-10-02
â–¶

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities↗2009-03-19
â–¶
Red Hat
jasper: temporary file creation race in jas_stream_tmpfile()↗2008-09-08
â–¶

💬Community

2
Bugzilla
CVE-2008-3521 jasper: temporary file creation race in jas_stream_tmpfile()↗2008-09-08
â–¶
Bugzilla
CVE-2008-0544 SDL_image: ILBM image handlig buffer overflow↗2008-01-29
â–¶
CVE-2008-3521 — Link Following in Jasper Project Jasper | cvebase