CVE-2018-9252 - JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsiz

CVE-2018-9252

Summary

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.

References

Vulnerable Configurations

cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc	https://github.com/mdadams/jasper/issues/173 https://www.oracle.com/security-alerts/cpuapr2020.html
suse	openSUSE-SU-2020:1517 openSUSE-SU-2020:1523

Last major update

25-09-2020 - 12:15

Published

04-04-2018 - 02:29

Last modified

25-09-2020 - 12:15