ID CVE-2017-1000050
Summary JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
References
Vulnerable Configurations
  • cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 07-11-2018 - 11:29)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1472888
    title CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode()
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment jasper is earlier than 0:1.900.1-33.el7
          oval oval:com.redhat.rhsa:tst:20183253005
        • comment jasper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111807006
      • AND
        • comment jasper-devel is earlier than 0:1.900.1-33.el7
          oval oval:com.redhat.rhsa:tst:20183253009
        • comment jasper-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111807012
      • AND
        • comment jasper-libs is earlier than 0:1.900.1-33.el7
          oval oval:com.redhat.rhsa:tst:20183253007
        • comment jasper-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111807008
      • AND
        • comment jasper-utils is earlier than 0:1.900.1-33.el7
          oval oval:com.redhat.rhsa:tst:20183253011
        • comment jasper-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111807010
    rhsa
    id RHSA-2018:3253
    released 2018-10-30
    severity Low
    title RHSA-2018:3253: jasper security update (Low)
  • rhsa
    id RHSA-2018:3505
rpms
  • jasper-0:1.900.1-33.el7
  • jasper-devel-0:1.900.1-33.el7
  • jasper-libs-0:1.900.1-33.el7
  • jasper-utils-0:1.900.1-33.el7
refmap via4
bid 96595
mlist [oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)
ubuntu USN-3693-1
Last major update 07-11-2018 - 11:29
Published 17-07-2017 - 13:18
Back to Top