cbcvebase.
CVE-2025-8837
published 2025-08-11

CVE-2025-8837: A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000…

PriorityP344high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.21%
10.6th percentile
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.

Affected

11 ranges
VendorProductVersion rangeFixed in
jasper_projectjasper<= 4.2.5
jasper_projectjasper
jasper_projectjasper
jasper_projectjasper
jasper_projectjasper
jasper_projectjasper
jasper_projectjasper
msrcazl3_jasper_4.2.1-2_on_azure_linux_3.0
msrcazl3_jasper_4.2.1-3_on_azure_linux_3.0
msrccbl2_jasper_2.0.32-4_on_cbl_mariner_2.0
msrccbl2_jasper_2.0.32-5_on_cbl_mariner_2.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.01.9LOWCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.3MEDIUMAV:L/AC:L/Au:S/C:P/I:P/A:P
osv4.8MEDIUM
vendor_msrc5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.