CVE-2018-9154
HIGH
JasPer 2.0.14 - Denial of Service via Unexpected jas_alloc2 Return Value
Title source: llm
Description
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/drive/u/2/folders/1YuxdfbZrw79kfzoQz0PpxIutZ7pkf_kW
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-03
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Scores
CVSS v3
7.5
EPSS
0.0347
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
jasper_project/jasper
2.0.14
Published
May 04, 2018
Tracked Since
Feb 18, 2026