CVE-2017-13748

CWE-77210 documents6 sources

Severity

7.5HIGH

EPSS

2.7%

top 14.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Fedoraproject Fedora Jasper Project Jasper

Timeline

PublishedAug 29

Latest updateMay 13

Description

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDjasper_project/jasper2.0.12

Also affects: Debian Linux 8.0, Fedora 32, 33

🔴Vulnerability Details

GHSA

GHSA-qjc6-xfwj-2cxr: There are lots of memory leaks in JasPer 2↗2022-05-13

▶

CVEList

CVE-2017-13748: There are lots of memory leaks in JasPer 2↗2017-08-29

▶

OSV

CVE-2017-13748: There are lots of memory leaks in JasPer 2↗2017-08-29

▶

📋Vendor Advisories

Red Hat

jasper: tile memory not released on image parsing errors↗2017-08-25

▶

💬Community

Bugzilla

CVE-2018-20622 jasper: memory leak in jpc_dec_decodepkt()↗2019-01-09

▶

Bugzilla

CVE-2017-13748 jasper: tile memory not released on image parsing errors↗2017-09-06

▶

Bugzilla

CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-↗2017-03-21

▶

Bugzilla

CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 CVE-2↗2017-03-21

▶

Bugzilla

CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-201↗2017-03-21

▶