Vulnerability identifier: #VU10944
Vulnerability risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
JasPer
Client/Desktop applications /
Multimedia software
Vendor: The JasPer Project
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error when processing crafted JPEG 2000 image files. A remote attacker can send a specially crafted JPEG 2000 image file, trick the victim into opening it, trigger memory corruption and cause the service to crash.
Mitigation
Update to version 2.0.12.
Vulnerable software versions
JasPer: 1.701.0 - 2.0.10
External links
http://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.