CVE-2018-19540
Published: 26 November 2018
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
Notes
Author | Note |
---|---|
mdeslaur | same fix as CVE-2018-9782 |
Priority
Status
Package | Release | Status |
---|---|---|
jasper Launchpad, Ubuntu, Debian |
groovy |
Does not exist
|
hirsute |
Does not exist
|
|
trusty |
Does not exist
(trusty was needed)
|
|
jammy |
Does not exist
|
|
xenial |
Needed
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
upstream |
Needs triage
|
|
mantic |
Does not exist
|
|
Patches: upstream: https://github.com/jasper-software/jasper/commit/839b1bcf0450ff036c28e8db40a7abf886e02891 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |