CVE-2015-5221

CWE-416: Use After Free | 11 documents | 7 sources
Severity: 5.5 MEDIUM
EPSS: 0.3% (top 49.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 25 | Latest update May 14

Description

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

Ubuntu: jasper < 1.900.1-14ubuntu3.5 (+1)
NVD: opensuse/leap 42.2
NVD: opensuse/opensuse 13.1, 13.2 (+1)

Also affects: Fedora 23, 24, 25

🔴 Vulnerability Details (3)

GHSA: GHSA-45hq-xrcp-79f9: Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod (2022-05-14)
OSV: CVE-2015-5221: Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod (2017-07-25)
CVEList: CVE-2015-5221: Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod (2017-07-25)

📋 Vendor Advisories (2)

Ubuntu: JasPer vulnerabilities (2018-06-27)
Red Hat: jasper: use-after-free and double-free flaws in mif_process_cmpt() (2015-08-20)

💬 Community (5)

Bugzilla: CVE-2015-5221 jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library [epel-5] (2015-08-21)
Bugzilla: CVE-2015-5221 jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library [fedora-all] (2015-08-21)
Bugzilla: CVE-2015-5221 mingw-jasper: jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library [fedora-all] (2015-08-21)
Bugzilla: CVE-2015-5221 jasper: use-after-free and double-free flaws in mif_process_cmpt() (2015-08-21)
Bugzilla: CVE-2015-5221 mingw-jasper: jasper: Use-after-free and double-free flaws in Jasper JPEG-2000 library [epel-7] (2015-08-21)