CVE-2017-9782

MEDIUM

JasPer 2.0.12 - Memory Corruption

Title source: llm

Description

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

References (4)

[Issue Tracking, Patch, Third Party Advisory] https://github.com/mdadams/jasper/issues/140

[Third Party Advisory] https://security.gentoo.org/glsa/201908-03

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html

Scores

CVSS v3 5.5

EPSS 0.0040

EPSS Percentile 60.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (2)

jasper_project/jasper

n/a/n/a

Published Jun 21, 2017

Tracked Since Feb 18, 2026