CVE-2018-19543

Опубликовано: 13 июл. 2018

Источник: redhat

CVSS3: 3.3

Описание

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

Отчет

This vulnerability was rated as LOW severity because it requires the victim to open a specially crafted file, it may lead to a buffer overflow that could cause the application to crash, it does not pose a direct threat of system compromise.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	netpbm	Not affected
Red Hat Enterprise Linux 6	jasper	Will not fix
Red Hat Enterprise Linux 7	jasper	Fix deferred
Red Hat Enterprise Linux 8	jasper	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1658795jasper: heap-based buffer over-read in jp2_decode() in jp2_dec.c

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-19543

CVSS3: 7.8

ubuntu

около 7 лет назад

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

CVE-2018-19543

CVSS3: 7.8

nvd

около 7 лет назад

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

CVE-2018-19543

CVSS3: 7.8

debian

около 7 лет назад

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...

GHSA-v2x3-gcmp-cp36

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

openSUSE-SU-2020:1523-1

suse-cvrf

больше 5 лет назад

Security update for jasper

3.3 Low

CVSS3