CVE-2018-19139

CWE-772CWE-400Uncontrolled Resource Consumption9 documents6 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 36.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Debian LinuxJasper Project Jasper
Timeline
PublishedNov 9
Latest updateMay 13

Description

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-7qrv-j944-r9pw: An issue has been found in JasPer 22022-05-13
OSV
CVE-2018-19139: An issue has been found in JasPer 22018-11-09
CVEList
CVE-2018-19139: An issue has been found in JasPer 22018-11-09

📋Vendor Advisories

1
Red Hat
jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()2018-11-09

💬Community

4
Bugzilla
CVE-2018-19139 mingw-jasper: jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [epel-7]2018-11-12
Bugzilla
CVE-2018-19139 jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [fedora-all]2018-11-12
Bugzilla
CVE-2018-19139 jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()2018-11-12
Bugzilla
CVE-2018-19139 mingw-jasper: jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [fedora-all]2018-11-12
CVE-2018-19139 (MEDIUM CVSS 5.5) | An issue has been found in JasPer 2 | cvebase.io