CVE-2018-9252
Published 2018-04-04
CVE-2018-9252: JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
Priority P425 · medium · 6.5 · CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS 2.10% · 79.4th percentile
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | — | — |
CVSS provenance
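| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |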
GHSA
GHSA-5x2c-7cwv-6fv6: JasPer 2
ghsa_unreviewed·2022-05-13
CVE-2018-9252 [MEDIUM] CWE-617 GHSA-5x2c-7cwv-6fv6: JasPer 2
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
OSV
CVE-2018-9252: JasPer 2
osv·2018-04-04·CVSS 6.5
CVE-2018-9252 [MEDIUM] CVE-2018-9252: JasPer 2
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
Red Hat
jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c
vendor_redhat·2018-04-02·CVSS 6.5
CVE-2018-9252 [MEDIUM] CWE-617 jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
A vulnerability was found in Jasper due to a flaw in the jpc_abstorelstepsize function within libjasper/jpc/jpc_enc.c, where an attacker can cause a denial of service, leading to the application crashing when triggered by specially crafted input.
Statement: This vulnerability is rated as moderate because it allows denial of service due to a reachable assertion in the jpc_abstorelstepsize function within libjasper/jpc/jpc_enc.c. Processing specially crafted input may trigger this issue, causing an application crash and affecting availability; it does not lead to code execution.
The following
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-9252 jasper: reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c [fedora-all]
bugzilla·2018-04-09·CVSS 6.5
CVE-2018-9252 [MEDIUM] CVE-2018-9252 jasper: reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
Bugzilla
CVE-2018-9252 mingw-jasper: jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c [fedora-all]
bugzilla·2018-04-09·CVSS 6.5
CVE-2018-9252 [MEDIUM] CVE-2018-9252 mingw-jasper: jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affec
Bugzilla
CVE-2018-9252 jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c
bugzilla·2018-04-09·CVSS 5.5
CVE-2018-9252 [MEDIUM] CVE-2018-9252 jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c
A flaw was found in JasPer 2.0.14 which allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
Reference:
https://github.com/mdadams/jasper/issues/173
Discussion:
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1565335]
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1565334]
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1565337]
---
See also CVE-2018-9055 (bug 1561699), which is another assertion failure in the same call chain, strongly related to this one.
---
Statement:
The following products are now in Extended Life Phase of the support and maintenance li
Bugzilla
CVE-2018-9252 mingw-jasper: jasper: reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c [epel-7]
bugzilla·2018-04-09·CVSS 6.5
CVE-2018-9252 [MEDIUM] CVE-2018-9252 mingw-jasper: jasper: reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Disc
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
https://github.com/mdadams/jasper/issues/173
https://www.oracle.com/security-alerts/cpuapr2020.html
2018-04-04
Published