CVE-2018-19541: Out-of-bounds Read in Project Jasper

CWE-125: Out-of-bounds Read | 9 documents | 6 sources
Severity: 8.8 HIGH (NVD)
EPSS: 1.2% (top 21.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 26
Latest update: May 13

Description

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/ba

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 3 packages

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04

🔴 Vulnerability Details (3)

GHSA
GHSA-2rx7-vfcv-7r3v: An issue was discovered in JasPer 1 (2022-05-13)
CVEList
CVE-2018-19541: An issue was discovered in JasPer 1 (2018-11-26)
OSV
CVE-2018-19541: An issue was discovered in JasPer 1 (2018-11-26)

📋 Vendor Advisories (1)

Red Hat
jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c (2018-07-13)

💬 Community (4)

Bugzilla
CVE-2018-19541 jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c [fedora-all] (2018-12-12)
Bugzilla
CVE-2018-19541 mingw-jasper: jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c [fedora-all] (2018-12-12)
Bugzilla
CVE-2018-19541 mingw-jasper: jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c [epel-7] (2018-12-12)
Bugzilla
CVE-2018-19541 jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c (2018-12-12)