exploitDog

CVE-2020-27828

Published: 30 Nov 2020
Source: redhat
CVSS3: 7.8

Description

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

A flaw was found in the Jasper tool’s jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation

This flaw can be mitigated for the Jasper tool by not accepting untrusted inputs to be processed by Jasper or constraining rlevels on those inputs from outside of Jasper.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | netpbm | Out of support scope | | |
| Red Hat Enterprise Linux 6 | jasper | Out of support scope | | |
| Red Hat Enterprise Linux 7 | jasper | Out of support scope | | |
| Red Hat Enterprise Linux 9 | jasper | Not affected | | |
| Red Hat Enterprise Linux 8 | jasper | Fixed | RHSA-2021:4235 | 09.11.2021 |

Additional information

Status: Moderate
Defect: CWE-20->CWE-122->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1905201 jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 4 years ago

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

CVSS3: 7.8
nvd
more than 4 years ago

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

CVSS3: 7.8
debian
more than 4 years ago

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Cr ...

CVSS3: 7.8
github
about 3 years ago

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

suse-cvrf
more than 4 years ago

Security update for jasper
