5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.4 High
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
86.8%
Package : jasper
Version : 1.900.1-debian1-2.4+deb8u4
CVE ID : CVE-2015-5203 CVE-2015-5221 CVE-2016-8690
CVE-2017-13748 CVE-2017-14132
Several security vulnerabilities were discovered in the JasPer
JPEG-2000 library.
CVE-2015-5203
Gustavo Grieco discovered an integer overflow vulnerability that
allows remote attackers to cause a denial of service or may have
other unspecified impact via a crafted JPEG 2000 image file.
CVE-2015-5221
Josselin Feist found a double-free vulnerability that allows remote
attackers to cause a denial-of-service (application crash) by
processing a malformed image file.
CVE-2016-8690
Gustavo Grieco discovered a NULL pointer dereference vulnerability
that can cause a denial-of-service via a crafted BMP image file. The
update also includes the fixes for the related issues CVE-2016-8884
and CVE-2016-8885 which complete the patch for CVE-2016-8690.
CVE-2017-13748
It was discovered that jasper does not properly release memory used
to store image tile data when image decoding fails which may lead to
a denial-of-service.
CVE-2017-14132
A heap-based buffer over-read was found related to the
jas_image_ishomosamp function that could be triggered via a crafted
image file and may cause a denial-of-service (application crash) or
have other unspecified impact.
For Debian 8 "Jessie", these problems have been fixed in version
1.900.1-debian1-2.4+deb8u4.
We recommend that you upgrade your jasper packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.4 High
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
86.8%