Use-After-Free Vulnerability in JasPer JPEG-2000 Library
CVE-2015-5221

5.5MEDIUM

Key Information:

Vendor
Fedoraproject
Status
Fedora
Vendor
CVE Published:
25 July 2017

Summary

The JasPer JPEG-2000 library, specifically in the mif_process_cmpt function, is susceptible to a use-after-free vulnerability. This flaw allows remote attackers to create crafted JPEG 2000 image files that can trigger a denial of service by crashing the affected application. Users of the library are urged to upgrade to the latest version to mitigate this risk.

References

https://lists.debian.org/debian-lts-announce/2018/11/msg0...
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2015/08/20/4
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.