CVE-2018-19139
Published 2018-11-09
CVE-2018-19139: An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
Priority: P4 · 17 · medium · 5.5 · CVSS 3.0
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.66% (73.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| jasper_project | jasper | — | — |
CVSS provenance
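| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |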
GHSA
GHSA-7qrv-j944-r9pw: An issue has been found in JasPer 2
ghsa_unreviewed·2022-05-13
CVE-2018-19139 [MEDIUM] CWE-772 GHSA-7qrv-j944-r9pw: An issue has been found in JasPer 2
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
OSV
CVE-2018-19139: An issue has been found in JasPer 2
osv·2018-11-09·CVSS 5.5
CVE-2018-19139 [MEDIUM] CVE-2018-19139: An issue has been found in JasPer 2
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
Red Hat
jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()
vendor_redhat·2018-11-09·CVSS 5.5
CVE-2018-19139 [MEDIUM] CWE-400 jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
A vulnerability was found in JasPer where a memory leak occurs in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. An attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing excessive memory consumption and eventually crashing the application.
Statement: This vulnerability was rated as LOW severity because it requires a specially crafted file to exploit, leading to a memory leak. While it doesn't cause immediate security compromise, it can cause the application to crash due to excessive memory usage.
Packag
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-19139 mingw-jasper: jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [epel-7]
bugzilla·2018-11-12·CVSS 5.5
CVE-2018-19139 [MEDIUM] CVE-2018-19139 mingw-jasper: jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
U
Bugzilla
CVE-2018-19139 jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [fedora-all]
bugzilla·2018-11-12·CVSS 5.5
CVE-2018-19139 [MEDIUM] CVE-2018-19139 jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
NOTE: this issue aff
Bugzilla
CVE-2018-19139 jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()
bugzilla·2018-11-12·CVSS 7.5
CVE-2018-19139 [HIGH] CVE-2018-19139 jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
References:
https://github.com/mdadams/jasper/issues/188
Discussion:
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1649111]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1649113]
Affects: fedora-all [bug 1649112]
---
The reproducer triggers assertion failure abort in jpc_dec_process_sot() known as CVE-2017-13745 (bug 1488958) that remains unfixed upstream. The reported leak is minor, and it does not make much sense to consider it as a security problem while the abort problem is not fixed. Not c
Bugzilla
CVE-2018-19139 mingw-jasper: jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [fedora-all]
bugzilla·2018-11-12·CVSS 5.5
CVE-2018-19139 [MEDIUM] CVE-2018-19139 mingw-jasper: jasper: memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
NOTE:
References
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
http://www.securityfocus.com/bid/105956
https://github.com/mdadams/jasper/issues/188
https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
https://www.oracle.com/security-alerts/cpuapr2020.html
Published: 2018-11-09