CVE-2017-14229
Published 2017-09-09
CVE-2017-14229: There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
Priority: P3 · 35 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.00% (85.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | — | — |
CVSS provenance
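| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |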
Red Hat
jasper: excessive looping in jpc_dec_tileinit()
vendor_redhat·2017-09-11·CVSS 7.5
CVE-2017-14229 [HIGH] CWE-835 jasper: excessive looping in jpc_dec_tileinit()
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
Package: netpbm (Red Hat Enterprise Linux 5) - Not affected
Package: jasper (Red Hat Enterprise Linux 6) - Not affected
Package: jasper (Red Hat Enterprise Linux 7) - Not affected
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Not affected
GHSA
GHSA-mfq9-xfj5-hxp8: There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec
ghsa_unreviewed·2022-05-13
CVE-2017-14229 [HIGH] CWE-835 GHSA-mfq9-xfj5-hxp8: There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-14229 jasper: excessive looping in jpc_dec_tileinit()
bugzilla·2017-09-14·CVSS 7.5
CVE-2017-14229 [HIGH] CVE-2017-14229 jasper: excessive looping in jpc_dec_tileinit()
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of
Jasper 2.0.13. It will lead to a remote denial of service attack.
Upstream bug:
https://github.com/mdadams/jasper/issues/146
References:
https://bugzilla.novell.com/show_bug.cgi?id=1058000
Discussion:
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1491856]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1491855]
Affects: fedora-all [bug 1491854]
---
The reproducer provided by the issue reporter does not actually demonstrate an infinite loop. It does trigger excessive looping, but processing of the reproducer ends after some time. It is unclear if infinite looping is possible or not.
This
Bugzilla
CVE-2017-14229 mingw-jasper: jasper: excessive looping in jpc_dec_tileinit() [epel-7]
bugzilla·2017-09-14·CVSS 7.5
CVE-2017-14229 [HIGH] CVE-2017-14229 mingw-jasper: jasper: excessive looping in jpc_dec_tileinit() [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for t
Bugzilla
CVE-2017-14229 mingw-jasper: jasper: excessive looping in jpc_dec_tileinit() [fedora-all]
bugzilla·2017-09-14·CVSS 7.5
CVE-2017-14229 [HIGH] CVE-2017-14229 mingw-jasper: jasper: excessive looping in jpc_dec_tileinit() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2017-14229 jasper: excessive looping in jpc_dec_tileinit() [fedora-all]
bugzilla·2017-09-14·CVSS 7.5
CVE-2017-14229 [HIGH] CVE-2017-14229 jasper: excessive looping in jpc_dec_tileinit() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
NOTE: this issue affects multiple supported versions o
http://www.securityfocus.com/bid/100861
https://github.com/mdadams/jasper/issues/146
https://security.gentoo.org/glsa/201908-03
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Published: 2017-09-09