CVE-2017-6852

Опубликовано: 15 мар. 2017

Источник: debian

EPSS Низкий

Описание

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

Пакеты

Пакет	Статус	Релиз	Тип
jasper	removed		package
jasper	no-dsa	jessie	package
jasper	no-dsa	wheezy	package

Примечания

Upstream bug: https://github.com/mdadams/jasper/issues/114
https://www.openwall.com/lists/oss-security/2017/01/25/10
The POC only triggers an assertion failure but an overflow cannot be observed.

EPSS

Процентиль: 69%

0.00595

Низкий

Связанные уязвимости

CVE-2017-6852

CVSS3: 7.8

ubuntu

почти 9 лет назад

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

CVE-2017-6852

CVSS3: 5.5

redhat

около 9 лет назад

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

CVE-2017-6852

CVSS3: 7.8

nvd

почти 9 лет назад

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

GHSA-7g22-749p-gwv4

CVSS3: 7.8

github

больше 3 лет назад

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

EPSS

Процентиль: 69%

0.00595

Низкий