CVE-2017-9782

CWE-125 — Out-of-bounds Read11 documents7 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 39.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jasper Project Jasper

Timeline

PublishedJun 21

Latest updateMay 13

Description

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Ubuntujasper< 1.900.1-debian1-2.4ubuntu1.3

▶NVDjasper_project/jasper2.0.12

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-xr6h-7436-x32m: JasPer 2↗2022-05-13

▶

OSV

jasper vulnerabilities↗2021-01-11

▶

OSV

CVE-2017-9782: JasPer 2↗2017-06-21

▶

CVEList

CVE-2017-9782: JasPer 2↗2017-06-21

▶

📋Vendor Advisories

Ubuntu

JasPer vulnerabilities↗2021-01-11

▶

Red Hat

jasper: cdef.ents[] heap-based buffer over-read in jp2_decode()↗2017-06-14

▶

💬Community

Bugzilla

CVE-2017-9782 mingw-jasper: jasper: cdef.ents[] heap-based buffer over-read in jp2_decode() [fedora-all]↗2017-06-22

▶

Bugzilla

CVE-2017-9782 jasper: cdef.ents[] heap-based buffer over-read in jp2_decode() [fedora-all]↗2017-06-22

▶

Bugzilla

CVE-2017-9782 mingw-jasper: jasper: cdef.ents[] heap-based buffer over-read in jp2_decode() [epel-7]↗2017-06-22

▶

Bugzilla

CVE-2017-9782 jasper: cdef.ents[] heap-based buffer over-read in jp2_decode()↗2017-06-22

▶