CVE-2018-20584

CWE-400 — Uncontrolled Resource Consumption9 documents6 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 48.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Jasper Project Jasper Oracle Outside IN Technology

Timeline

PublishedDec 30

Latest updateMay 13

Description

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDjasper_project/jasper2.0.14

▶NVDoracle/outside_in_technology8.5.4

Also affects: Debian Linux 8.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-7vh4-m9mj-3v2r: JasPer 2↗2022-05-13

▶

OSV

CVE-2018-20584: JasPer 2↗2018-12-30

▶

CVEList

CVE-2018-20584: JasPer 2↗2018-12-30

▶

📋Vendor Advisories

Red Hat

jasper: DoS / hang when converting to jp2 format↗2018-12-29

▶

💬Community

Bugzilla

CVE-2018-20584 jasper: DoS / hang when converting to jp2 format↗2019-01-09

▶

Bugzilla

CVE-2018-20584 mingw-jasper: jasper: DoS when converting to jp2 [epel-7]↗2019-01-09

▶

Bugzilla

CVE-2018-20584 jasper: DoS when converting to jp2 [fedora-all]↗2019-01-09

▶

Bugzilla

CVE-2018-20584 mingw-jasper: jasper: DoS when converting to jp2 [fedora-all]↗2019-01-09

▶