| ID |
CVE-2017-1000050
|
| Summary |
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 22-02-2021 - 14:20) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-476 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| redhat
via4
|
| advisories | | bugzilla | | id | 1472888 | | title | CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode() |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 7 is installed | | oval | oval:com.redhat.rhba:tst:20150364027 |
| OR | | AND | | comment | jasper is earlier than 0:1.900.1-33.el7 | | oval | oval:com.redhat.rhsa:tst:20183253001 |
| comment | jasper is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111807002 |
|
| AND | | comment | jasper-devel is earlier than 0:1.900.1-33.el7 | | oval | oval:com.redhat.rhsa:tst:20183253003 |
| comment | jasper-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111807004 |
|
| AND | | comment | jasper-libs is earlier than 0:1.900.1-33.el7 | | oval | oval:com.redhat.rhsa:tst:20183253005 |
| comment | jasper-libs is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111807006 |
|
| AND | | comment | jasper-utils is earlier than 0:1.900.1-33.el7 | | oval | oval:com.redhat.rhsa:tst:20183253007 |
| comment | jasper-utils is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111807008 |
|
|
|
|
| | rhsa | | id | RHSA-2018:3253 | | released | 2018-10-30 | | severity | Low | | title | RHSA-2018:3253: jasper security update (Low) |
|
| | rpms | - jasper-0:1.900.1-33.el7
- jasper-debuginfo-0:1.900.1-33.el7
- jasper-devel-0:1.900.1-33.el7
- jasper-libs-0:1.900.1-33.el7
- jasper-utils-0:1.900.1-33.el7
|
|
| refmap
via4
|
| bid | 96595 | | gentoo | GLSA-201908-03 | | mlist | [oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) | | ubuntu | USN-3693-1 |
|
| Last major update |
22-02-2021 - 14:20 |
| Published |
17-07-2017 - 13:18 |
| Last modified |
22-02-2021 - 14:20 |
