CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-13748
https://notcve.org/view.php?id=CVE-2017-13748
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Existen muchas fugas de memoria en JasPer 2.0.12 que se desencadenan en la función jas_strdup() en base/jas_string.c que podría acabar en un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485287 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-13752
https://notcve.org/view.php?id=CVE-2017-13752
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_dequantize() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485276 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2017-13745
https://notcve.org/view.php?id=CVE-2017-13745
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. Es posible abortar aserciones alcanzables en la función jpc_dec_process_sot() en jpc/jpc_dec.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto desencadenando un valor de retorno jpc_ppmstabtostreams inesperado. Esta vulnerabilidad es diferente de CVE-2018-9154. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485274 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-13747
https://notcve.org/view.php?id=CVE-2017-13747
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jjpc_floorlog2() en jpc/jpc_math.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485282 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-13749
https://notcve.org/view.php?id=CVE-2017-13749
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función jpc_pi_nextrpcl() en jpc_t2cod.c en JasPer 2.0.12 que provocaría un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100514 https://bugzilla.redhat.com/show_bug.cgi?id=1485285 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET https://security.gentoo.org/glsa/201908-03 • CWE-617: Reachable Assertion •