CVE-2008-3521
Published 2008-10-02
Priority: P4 · 22 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.45% (36.2th percentile)
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | — | — |
CVSS provenance
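| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vendor_ubuntu | | 9.3 | CRITICAL | |
| vendor_redhat | | 7.2 | HIGH | |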
GHSA
ghsa_unreviewed·2022-05-02
CVE-2008-3521 [HIGH] CWE-59 GHSA-vjjh-7673-9x6q: Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream
Ubuntu
JasPer vulnerabilities
vendor_ubuntu·2009-03-19·CVSS 9.3
CVE-2008-3520 [CRITICAL] JasPer vulnerabilities
It was discovered that JasPer did not correctly handle memory allocation
when parsing certain malformed JPEG2000 images. If a user were tricked into
opening a specially crafted image with an application that uses libjasper,
an attacker could cause a denial of service and possibly execute arbitrary
code with the user's privileges. (CVE-2008-3520)
It was discovered that JasPer created temporary files in an insecure way.
Local users could exploit a race condition and cause a denial of service in
libjasper applications.
(CVE-2008-3521)
It was discovered that JasPer did not correctly handle certain formatting
operations. If a user were tricked into opening a specially crafted image
with an application that uses libjasper, an atta
Red Hat
jasper: temporary file creation race in jas_stream_tmpfile()
vendor_redhat·2008-09-08·CVSS 7.2
CVE-2008-3521 [HIGH] jasper: temporary file creation race in jas_stream_tmpfile()
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-3521 jasper: temporary file creation race in jas_stream_tmpfile()
bugzilla·2008-09-08·CVSS 7.2
CVE-2008-3521 [HIGH] CVE-2008-3521 jasper: temporary file creation race in jas_stream_tmpfile()
Marc Espie and Christian Weisgerber of the OpenBSD project reported that the jas_stream_tmpfile() function used by jasper to create temporary files uses the tmpnam C library function to create temporary names. Usage of the tmpnam function may result in races in temporary file creation.
OpenBSD jasper library patches:
http://www.openbsd.org/cgi-bin/cvsweb/ports/graphics/jasper/patches/
Discussion:
Created attachment 316078
OpenBSD patch
---
Even though tmpnam is used in jas_stream_tmpfile, the subsequent open is called with O_CREAT | O_EXCL flags. Therefore, this cannot be used to overwrite / create new files via symlink attack.
Attacker may possibly be able to create a file with the name returned by tmpnam before open is ca
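The failure mode discussed in the Bugzilla entry above, as an added C example (not JasPer's code and not the OpenBSD patch): it compares opening a pre-chosen name with O_CREAT | O_EXCL against mkstemp(), which picks the name and creates the file in one call. The helper names, the scratch directory and the file name are constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose mkstemp()/mkdtemp() under strict -std */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Pattern from the report: the name is fixed first (tmpnam() in JasPer),
 * then opened with O_CREAT | O_EXCL. O_EXCL refuses an existing file or
 * symlink, so nothing is overwritten, but the open fails with EEXIST. */
static int open_chosen_name(const char *name)
{
    return open(name, O_CREAT | O_EXCL | O_RDWR, 0600);
}

/* Hardened form: mkstemp() chooses the name and creates the file in one
 * call, retrying with a new name whenever a candidate already exists. */
static int open_with_mkstemp(const char *dir)
{
    char path[256];
    int fd;
    if (snprintf(path, sizeof path, "%s/tmp.XXXXXX", dir) >= (int)sizeof path)
        return -1;
    fd = mkstemp(path);
    if (fd >= 0)
        unlink(path);            /* keep only the descriptor, as a tmpfile */
    return fd;
}

/* Returns 0 when the fixed name fails with EEXIST and mkstemp() succeeds. */
int tmpfile_race_demo(void)
{
    char dir[] = "/tmp/jas_demo.XXXXXX";   /* constructed scratch directory */
    char name[64];
    int taken, fd_fixed, err, fd_safe;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/tmp.0000000000", dir);
    taken = open(name, O_CREAT | O_WRONLY, 0600);  /* name already exists */
    fd_fixed = open_chosen_name(name);
    err = errno;
    fd_safe = open_with_mkstemp(dir);
    if (taken >= 0) close(taken);
    if (fd_fixed >= 0) close(fd_fixed);
    if (fd_safe >= 0) close(fd_safe);
    unlink(name);
    rmdir(dir);
    return (fd_fixed == -1 && err == EEXIST && fd_safe >= 0) ? 0 : 1;
}
```

A caller that treats the EEXIST failure as fatal gives up at that point, which is the denial of service the advisory describes; the mkstemp() path is unaffected by a pre-existing name.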
Bugzilla
CVE-2008-0544 SDL_image: ILBM image handling buffer overflow
bugzilla·2008-01-29·CVSS 10.0
Secunia in their advisory SA28640 points out possible heap buffer overflow in
IMG_LoadLBM_RW - IFF ILBM image handling code - which was fixed in SDL_image SVN:
http://secunia.com/advisories/28640/
Relevant commit:
http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521
First part of the advisory covers GIF image handling overflow already tracked
via bug #430100.
Discussion:
SDL_image-1.2.6-5.fc8 has been submitted as an update for Fedora 8
---
SDL_image-1.2.5-7.fc7 has been submitted as an update for Fedora 7
---
SDL_image-1.2.6-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
SDL_image-1.2.5-7.fc7 has been pushed
References
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://secunia.com/advisories/34391
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://www.securityfocus.com/bid/31470
http://www.ubuntu.com/usn/USN-742-1
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521
https://exchange.xforce.ibmcloud.com/vulnerabilities/45622