CVE-2017-5503 - The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to

CVE-2017-5503

Summary

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.

References

Vulnerable Configurations

cpe:2.3:a:jasper_project:jasper:1.900.27:*:*:*:*:*:*:*
cpe:2.3:a:jasper_project:jasper:1.900.27:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 25-09-2020 - 12:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	95683
gentoo	GLSA-201908-03
misc	https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/
mlist	[oss-security] 20170116 jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) [oss-security] 20170117 Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)
suse	openSUSE-SU-2020:1517 openSUSE-SU-2020:1523

Last major update

25-09-2020 - 12:15

Published

01-03-2017 - 15:59

Last modified

25-09-2020 - 12:15