Denial of Service Vulnerability in JasPer JPEG Decoder
CVE-2015-5203

5.5MEDIUM

Key Information:

Vendor

Fedoraproject

Status
Fedora
Vendor
CVE Published:
2 August 2017

What is CVE-2015-5203?

A double free vulnerability exists in the jasper_image_stop_load function of JasPer 1.900.17, which can be exploited by remote attackers. By sending a specially crafted JPEG 2000 image file, the vulnerability can lead to a denial of service condition, causing the application to crash. This risk highlights the importance of validating image files and applying patches promptly to mitigate potential threats.

References

https://lists.debian.org/debian-lts-announce/2018/11/msg0...
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/201707-07
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-5203 : Denial of Service Vulnerability in JasPer JPEG Decoder