CVE-2017-5505

CWE-119Buffer OverflowCWE-125Out-of-bounds Read8 documents5 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 39.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 16
Latest updateMay 13

Description

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDjasper_project/jasper1.900.27

🔴Vulnerability Details

2
GHSA
GHSA-jcmq-p3g6-5394: The jas_matrix_asl function in jas_seq2022-05-13
CVEList
CVE-2017-5505: The jas_matrix_asl function in jas_seq2017-03-16

📋Vendor Advisories

1
Red Hat
jasper: Invalid memory read in jas_matrix_asl2016-11-20

💬Community

4
Bugzilla
CVE-2017-5505 jasper: Invalid memory read in jas_matrix_asl2017-01-24
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 mingw-jasper: various flaws [epel-7]2016-12-20
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 mingw-jasper: various flaws [fedora-all]2016-12-20
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 jasper: various flaws [epel-5]2016-12-20
CVE-2017-5505 (MEDIUM CVSS 5.5) | The jas_matrix_asl function in jas_ | cvebase.io