CVE-2018-19540: Out-of-bounds Write in Project Jasper

Severity: 8.8 HIGH (NVD)
EPSS: 0.7% (top 28.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 26; latest update May 13

Description

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 3 packages

Also affects: Debian Linux 8.0

Vulnerability Details (3)

GHSA
GHSA-9f4h-jrhq-rc6w: An issue was discovered in JasPer 1 (2022-05-13)
OSV
CVE-2018-19540: An issue was discovered in JasPer 1 (2018-11-26)
CVEList
CVE-2018-19540: An issue was discovered in JasPer 1 (2018-11-26)

Vendor Advisories (1)

Red Hat
jasper: heap-based buffer overflow of size 1 in jas_icctxtdesc_input in libjasper/base/jas_icc.c (2018-07-13)

Community (4)

Bugzilla
CVE-2018-19540 jasper: heap-based buffer overflow of size 1 in jas_icctxtdesc_input in libjasper/base/jas_icc.c (2018-12-12)
Bugzilla
CVE-2018-19540 mingw-jasper: jasper: heap-based buffer overflow of size 1 in jas_icctxtdesc_input in libjasper/base/jas_icc.c [epel-7] (2018-12-12)
Bugzilla
CVE-2018-19540 mingw-jasper: jasper: heap-based buffer overflow of size 1 in jas_icctxtdesc_input in libjasper/base/jas_icc.c [fedora-all] (2018-12-12)
Bugzilla
CVE-2018-19540 jasper: heap-based buffer overflow of size 1 in jas_icctxtdesc_input in libjasper/base/jas_icc.c [fedora-all] (2018-12-12)