Описание
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jasper | removed | package |
Примечания
Triggers an assert. Not suitable for code injection, hardly denial of service
Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
https://github.com/mdadams/jasper/issues/64
EPSS
Связанные уязвимости
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
EPSS