CVE-2018-9154

HIGH

JasPer 2.0.14 - Denial of Service via Unexpected jas_alloc2 Return Value


Description

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.

References (3)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-03

Scores

CVSS v3: 7.5
EPSS: 0.0347
EPSS Percentile: 87.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-20
Status: published
Products (1): jasper_project/jasper 2.0.14
Published: May 04, 2018
Tracked Since: Feb 18, 2026