Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2015-5203 |
CWE-ID | CWE-415 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | jasper (Alpine package) (Operating systems & Components / Operating system package or component) |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU33529
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-5203
CWE-ID: CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
jasper (Alpine package): 1.900.1-r9 - 1.900.1-r10
CPE2.3
http://git.alpinelinux.org/aports/commit/?id=9d20dfb4b70c35a10a26afd2ddfb7f487ee2eeb9
http://git.alpinelinux.org/aports/commit/?id=5cb610fc7996f6d7ddcdffd54f62c2adc184be7a
http://git.alpinelinux.org/aports/commit/?id=244e4d797e740c7fedf8e3e9df9d9d85859b11b4
http://git.alpinelinux.org/aports/commit/?id=6ed682fc456c44bcc9388dc0363d4102eb525974
http://git.alpinelinux.org/aports/commit/?id=876243c7f957d20029e50f3822f4b38c87c31c8e
http://git.alpinelinux.org/aports/commit/?id=fccc4781d1d7e717df10168e8a7d01c2290a5ae3
http://git.alpinelinux.org/aports/commit/?id=17601c4c50bab87d35d2b0587dc206ec61af122e
http://git.alpinelinux.org/aports/commit/?id=2b2d458b50da34ebb2659bbdcaecac89f7945dd6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.