CVE-2017-6850

CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 55.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jasper Project Jasper

Timeline

PublishedMar 15

Latest updateMay 14

Description

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Ubuntujasper< 1.900.1-14ubuntu3.5+1

▶NVDjasper_project/jasper2.0.12

Patches

Patch: blogs.gentoo.org ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-4jr4-j3wj-73cj: The jp2_cdef_destroy function in jp2_cod↗2022-05-14

▶

CVEList

CVE-2017-6850: The jp2_cdef_destroy function in jp2_cod↗2017-03-15

▶

OSV

CVE-2017-6850: The jp2_cdef_destroy function in jp2_cod↗2017-03-15

▶

📋Vendor Advisories

Ubuntu

JasPer vulnerabilities↗2018-06-27

▶

Red Hat

jasper: uninitialized pointer use in jp2_cdef_destroy()↗2017-01-25

▶

💬Community

Bugzilla

CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-↗2017-03-21

▶

Bugzilla

CVE-2017-6850 jasper: uninitialized pointer use in jp2_cdef_destroy()↗2017-03-21

▶

Bugzilla

CVE-2016-10249 CVE-2016-10248 CVE-2017-6850 CVE-2017-6852 CVE-2016-10251 jasper: various flaws [epel-5]↗2017-03-21

▶

Bugzilla

CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 CVE-2↗2017-03-21

▶