CVE-2017-6850

Опубликовано: 15 мар. 2017

Источник: debian

Описание

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jasper	removed			package

Примечания

Upstream bug: https://github.com/mdadams/jasper/issues/112
https://www.openwall.com/lists/oss-security/2017/01/25/8
Not suitable for code injection, hardly denial of service

Связанные уязвимости

CVE-2017-6850

CVSS3: 5.5

ubuntu

почти 9 лет назад

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

CVE-2017-6850

CVSS3: 7

redhat

около 9 лет назад

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

CVE-2017-6850

CVSS3: 5.5

nvd

почти 9 лет назад

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

GHSA-4jr4-j3wj-73cj

CVSS3: 5.5

github

больше 3 лет назад

The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

openSUSE-SU-2017:1034-1

suse-cvrf

почти 9 лет назад

Security update for jasper