Lucene search

[email protected]NVD:CVE-2024-31744

HistoryApr 19, 2024 - 1:15 p.m.

CVE-2024-31744

2024-04-1913:15:13

CWE-617

[email protected]

web.nvd.nist.gov

jasper

vulnerability

denial of service

image file

assertion failure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

References

github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5

github.com/jasper-software/jasper/issues/381

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-31744

veracode1 osv1 cvelist1 openvas2 nessus1 mageia1 cbl_mariner1 cve1 ubuntucve1