CVE-2018-19139

Опубликовано: 09 нояб. 2018

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

Отчет

This vulnerability was rated as LOW severity because it requires a specially crafted file to exploit, leading to a memory leak. While it doesn't cause immediate security compromise, it can cause the application to crash due to excessive memory usage.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	netpbm	Out of support scope
Red Hat Enterprise Linux 6	jasper	Out of support scope
Red Hat Enterprise Linux 7	jasper	Will not fix
Red Hat Enterprise Linux 8	jasper	Fix deferred
Red Hat Enterprise Linux 8	mingw-jasper	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1649110jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()

EPSS

Процентиль: 63%

0.00445

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-19139

CVSS3: 5.5

ubuntu

около 7 лет назад

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

CVE-2018-19139

CVSS3: 5.5

nvd

около 7 лет назад

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

CVE-2018-19139

CVSS3: 5.5

debian

около 7 лет назад

An issue has been found in JasPer 2.0.14. There is a memory leak in ja ...

GHSA-7qrv-j944-r9pw

CVSS3: 5.5

github

больше 3 лет назад

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

openSUSE-SU-2020:1523-1

suse-cvrf

больше 5 лет назад

Security update for jasper

EPSS

Процентиль: 63%

0.00445

Низкий

3.3 Low

CVSS3