CVE-2018-20570

Severity
6.5 MEDIUM
EPSS
1.0%
top 23.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 28
Latest update: May 13

Description

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 1 package

NVD: jasper_project/jasper 2.0.14

Also affects: Debian Linux 8.0

Vulnerability Details

3
GHSA
GHSA-j3h5-m47q-9g35: jp2_encode in jp2/jp2_enc (2022-05-13)
CVEList
CVE-2018-20570: jp2_encode in jp2/jp2_enc (2018-12-28)
OSV
CVE-2018-20570: jp2_encode in jp2/jp2_enc (2018-12-28)

Vendor Advisories

1
Red Hat
jasper: heap-based buffer over-read in jp2_encode() (2018-12-28)

Community

4
Bugzilla
CVE-2018-20570 mingw-jasper: jasper: heap-based buffer over-read in jp2_encode in jp2/jp2_enc.c [fedora-all] (2019-01-09)
Bugzilla
CVE-2018-20570 mingw-jasper: jasper: heap-based buffer over-read in jp2_encode in jp2/jp2_enc.c [epel-7] (2019-01-09)
Bugzilla
CVE-2018-20570 jasper: heap-based buffer over-read in jp2_encode in jp2/jp2_enc.c [fedora-all] (2019-01-09)
Bugzilla
CVE-2018-20570 jasper: heap-based buffer over-read in jp2_encode() (2019-01-09)