ID CVE-2017-13752
Summary There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
References
Vulnerable Configurations
  • cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-02-2021 - 14:53)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 100514
gentoo GLSA-201908-03
misc https://bugzilla.redhat.com/show_bug.cgi?id=1485276
Last major update 05-02-2021 - 14:53
Published 29-08-2017 - 06:29
Last modified 05-02-2021 - 14:53
Back to Top