CVE-2017-5500

CWE-20Improper Input ValidationCWE-119Buffer OverflowCWE-264CWE-399CWE-78OS Command Injection11 documents7 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 68.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 1
Latest updateMay 13

Description

libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDjasper_project/jasper1.900.17

🔴Vulnerability Details

3
GHSA
GHSA-7655-hvf9-c7q3: libjasper/jpc/jpc_dec2022-05-13
CVEList
CVE-2017-5500: libjasper/jpc/jpc_dec2017-03-01
OSV
CVE-2017-5500: libjasper/jpc/jpc_dec2017-03-01

📋Vendor Advisories

6
Cisco
Cisco IOS XR Software Denial of Service Vulnerability2017-10-04
Cisco
Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability2017-09-06
Cisco
Cisco StarOS CLI Command Injection Vulnerability2017-07-05
Cisco
Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability2017-06-07
Cisco
Cisco StarOS SSH Privilege Escalation Vulnerability2017-03-15

💬Community

1
Bugzilla
CVE-2017-5500 jasper: Invalid exponent shift in jpc_calcabsstepsize() in jpc_dec.c2017-01-24
CVE-2017-5500 (MEDIUM CVSS 5.5) | libjasper/jpc/jpc_dec.c in JasPer 1 | cvebase.io