CVE-2018-19539 - An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_rea

CVE-2018-19539

Summary

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

References

Vulnerable Configurations

cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc	https://github.com/mdadams/jasper/issues/182 https://www.oracle.com/security-alerts/cpuapr2020.html
mlist	[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update
suse	openSUSE-SU-2019:1315

Last major update

24-08-2020 - 17:37

Published

26-11-2018 - 03:29

Last modified

24-08-2020 - 17:37