CVE-2017-5499
Published 2017-03-01
CVE-2017-5499: Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
Priority P4 · 18 · medium · 5.5 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
1.33%
67.4th percentile
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | — | — |
CVSS provenance
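| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |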
GHSA
GHSA-m6m4-42jg-mww3: Integer overflow in libjasper/jpc/jpc_dec
ghsa_unreviewed·2022-05-13
CVE-2017-5499 [MEDIUM] CWE-190 GHSA-m6m4-42jg-mww3: Integer overflow in libjasper/jpc/jpc_dec
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
OSV
CVE-2017-5499: Integer overflow in libjasper/jpc/jpc_dec
osv·2017-03-01·CVSS 5.5
CVE-2017-5499 [MEDIUM] CVE-2017-5499: Integer overflow in libjasper/jpc/jpc_dec
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
Red Hat
jasper: Signed integer overflow in jpc_dequantize() in jpc_dec.c
vendor_redhat·2016-10-28·CVSS 5.5
CVE-2017-5499 [MEDIUM] CWE-190 jasper: Signed integer overflow in jpc_dequantize() in jpc_dec.c
jasper: Signed integer overflow in jpc_dequantize() in jpc_dec.c
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
A vulnerability was found in Jasper, where an integer overflow in libjasper/jpc/jpc_dec.c can lead to a denial of service. A remote attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to crash.
Statement: This vulnerability is rated as low severity because it results in a denial of service: a remote attacker can crash the application using a crafted file, and it does not affect system security or integrity.
Package: netpbm (Red Hat Enterprise Linux 5) - Not affected
Package: jasper (Red Hat Enterprise Linux 6) - Not affect
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
http://www.securityfocus.com/bid/95666
https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
2017-03-01
Published