CVE-2018-9154

Priority
Description
There is a reachable abort in the function jpc_dec_process_sot in
libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial
of service attack by triggering an unexpected jas_alloc2 return value, a
different vulnerability than CVE-2017-13745.
Notes
mdeslauras of 2018-08-03, no upstream fix
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was deferred [2018-08-03])
Ubuntu 16.04 LTS (Xenial Xerus):deferred (2018-08-03)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
More Information

Updated: 2020-01-29 20:06:00 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)