CVE-2017-5503

CWE-787Out-of-bounds Write8 documents5 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 36.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 1
Latest updateMay 13

Description

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDjasper_project/jasper1.900.27

🔴Vulnerability Details

2
GHSA
GHSA-jxq5-p733-7r68: The dec_clnpass function in libjasper/jpc/jpc_t1dec2022-05-13
CVEList
CVE-2017-5503: The dec_clnpass function in libjasper/jpc/jpc_t1dec2017-03-01

📋Vendor Advisories

1
Red Hat
jasper: invalid memory write in dec_clnpass()2016-11-20

💬Community

4
Bugzilla
CVE-2017-5503 jasper: invalid memory write in dec_clnpass()2017-01-24
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 mingw-jasper: various flaws [epel-7]2016-12-20
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 mingw-jasper: various flaws [fedora-all]2016-12-20
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 jasper: various flaws [epel-5]2016-12-20
CVE-2017-5503 (MEDIUM CVSS 5.5) | The dec_clnpass function in libjasp | cvebase.io