Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201707-07
HistoryJul 08, 2017 - 12:00 a.m.

JasPer: Multiple vulnerabilities

2017-07-0800:00:00
Gentoo Foundation
security.gentoo.org
58

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.8%

JSON

Background

JasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard.

Description

Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted image file using JasPer possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All JasPer users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/jasper-2.0.12"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/jasper< 2.0.12UNKNOWN

Related

nessus 42
cve 4
osv 5
redhatcve 2
nvd 4
cvelist 4
prion 4
veracode 3
ubuntucve 4
archlinux 3
fedora 9
openvas 30
debian 3
freebsd 1
mageia 2
suse 3
amazon 1
ibm 2
centos 1
ubuntu 2
redhat 1
cloudfoundry 2
oraclelinux 1
kitploit 1
nessus
nessus
GLSA-201707-07 : JasPer: Multiple vulnerabilities
2017-07-10 00:00:00
Fedora 24 : jasper (2016-5a7e745a56)
2016-09-19 00:00:00
Fedora 25 : jasper (2016-7bfdc9d8d8)
2016-11-15 00:00:00
cve
cve
CVE-2015-8751
2020-02-17 22:15:11
CVE-2016-9591
2018-03-09 20:29:00
CVE-2015-5203
2017-08-02 19:29:00
osv
osv
CVE-2016-9591
2018-03-09 20:29:00
CVE-2016-9262
2017-03-23 18:59:00
jasper - security update
2017-04-26 00:00:00
redhatcve
redhatcve
CVE-2016-9591
2016-12-20 13:17:28
CVE-2016-9262
2016-11-10 14:47:21
nvd
nvd
CVE-2015-8751
2020-02-17 22:15:11
CVE-2016-9591
2018-03-09 20:29:00
CVE-2016-9262
2017-03-23 18:59:00
cvelist
cvelist
CVE-2016-9591
2016-12-16 00:00:00
CVE-2015-8751
2020-02-17 21:31:10
CVE-2015-5203
2017-08-02 19:00:00
prion
prion
Integer overflow
2020-02-17 22:15:00
Design/Logic Flaw
2018-03-09 20:29:00
Integer overflow
2017-03-23 18:59:00
veracode
veracode
Use-After-Free
2019-05-02 06:10:47
Integer Overflow
2019-05-02 06:10:46
Denial Of Service (DoS)
2019-01-15 09:16:38
ubuntucve
ubuntucve
CVE-2016-9591
2016-12-16 00:00:00
CVE-2016-9262
2017-03-23 00:00:00
CVE-2015-5203
2017-08-02 00:00:00
archlinux
archlinux
jasper: denial of service
2015-08-26 00:00:00
[ASA-201703-9] jasper: multiple issues
2017-03-14 00:00:00
[ASA-201612-9] jasper: multiple issues
2016-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: jasper-1.900.1-34.fc25
2016-09-20 17:13:46
[SECURITY] Fedora 24 Update: jasper-1.900.1-34.fc24
2016-09-18 02:27:07
[SECURITY] Fedora 24 Update: jasper-1.900.13-3.fc24
2017-03-21 02:51:48
openvas
openvas
Fedora Update for jasper FEDORA-2016-5a7e745a56
2016-09-18 00:00:00
Fedora Update for jasper FEDORA-2016-7bfdc9d8d8
2016-12-07 00:00:00
Debian: Security Advisory (DLA-920-1)
2018-01-16 00:00:00
debian
debian
[SECURITY] [DLA 920-1] jasper security update
2017-04-26 20:10:52
[SECURITY] [DSA 3827-1] jasper security update
2017-04-07 20:32:07
[SECURITY] [DLA 1583-1] jasper security update
2018-11-21 14:17:07
freebsd
freebsd
jasper -- multiple vulnerabilities
2015-08-17 00:00:00
mageia
mageia
Updated jasper packages fix security vulnerability
2016-09-16 12:27:13
Updated jasper packages fix security vulnerabilities
2017-12-31 03:10:15
suse
suse
Security update for jasper (important)
2017-01-10 19:08:10
Security update for jasper (important)
2017-01-08 17:07:30
Security update for jasper (important)
2017-04-05 21:08:41
amazon
amazon
Important: jasper
2017-06-06 16:49:00
ibm
ibm
Security Bulletin: Vulnerabilities in JasPer affect PowerKVM
2018-06-18 01:36:15
Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry
2020-07-19 00:49:12
centos
centos
jasper security update
2017-05-15 15:59:23
ubuntu
ubuntu
JasPer vulnerabilities
2018-06-27 00:00:00
JasPer vulnerabilities
2017-05-18 00:00:00
redhat
redhat
(RHSA-2017:1208) Important: jasper security update
2017-05-09 14:59:57
cloudfoundry
cloudfoundry
USN-3693-1: JasPer vulnerabilities | Cloud Foundry
2018-07-10 00:00:00
USN-3295-1: JasPer vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
oraclelinux
oraclelinux
jasper security update
2017-05-09 00:00:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.8%

JSON
Related for GLSA-201707-07
nessus42cve4osv5redhatcve2nvd4cvelist4prion4veracode3ubuntucve4archlinux3fedora9openvas30debian3freebsd1mageia2suse3amazon1ibm2centos1ubuntu2redhat1cloudfoundry2oraclelinux1kitploit1