CVE-2023-51257
Published 2024-01-16
CVE-2023-51257: An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
Priority P338 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.26% (16.8th percentile)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | <= 4.1.1 | — |
| msrc | azl3_jasper_2.0.32-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_jasper_4.2.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_jasper_2.0.32-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
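| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |
| vendor_oracle | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |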
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (JasPer) — CVE-2023-51257
vendor_oracle·2024-04-15·CVSS 7.8
CVE-2023-51257 [HIGH] Oracle Oracle Communications Risk Matrix: Install/Upgrade (JasPer) — CVE-2023-51257
Oracle Oracle Communications Risk Matrix: Install/Upgrade (JasPer) vulnerability
CVE: CVE-2023-51257
CVSS: 7.8
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpuapr2024 (APR 2024)
Red Hat
jasper: Invalid memory write
vendor_redhat·2024-01-14·CVSS 7.8
CVE-2023-51257 [HIGH] CWE-131 jasper: Invalid memory write
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
A flaw in jasper was discovered where an invalid memory write occurred due to the absence of a proper range check in the JPC encoder.
Statement: The low severity of the jasper flaw stems from its limited impact and difficulty of exploitation. The invalid memory write issue in the JPC encoder is confined to specific conditions and is not easily triggered in real-world scenarios. Furthermore, the vulnerability does not expose critical data.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability
Microsoft
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
vendor_msrc·2024-01-09·CVSS 7.8
CVE-2023-51257 [HIGH] CWE-119 An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Requ
GHSA
GHSA-c74w-77jp-9c48: An invalid memory write issue in Jasper-Software Jasper v
ghsa_unreviewed·2024-01-16
CVE-2023-51257 [HIGH] CWE-119 GHSA-c74w-77jp-9c48: An invalid memory write issue in Jasper-Software Jasper v
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
OSV
CVE-2023-51257: An invalid memory write issue in Jasper-Software Jasper v
osv·2024-01-16·CVSS 7.8
CVE-2023-51257 [HIGH] CVE-2023-51257: An invalid memory write issue in Jasper-Software Jasper v
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/jasper-software/jasper/issues/367
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNTGL7I5IJSQ4BZ5MGKWJPQYICUMHQ5I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBF5KYWCZVIDMITRX7GBVWGNWKAMQORZ/
Published: 2024-01-16