// For flags

CVE-2007-2721

jasper: crash in jpc_qcx_getcompparms

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

La función jpc_qcx_getcompparms en jpc/jpc_cs.c para la librería JasPer JPEG-2000 (libjasper) anterior a 1.900 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída) y posiblemente corromper el montículo mediante archivos de imagen mal formados, como se ha demostrado originalmente utilizando la conversión con imagemagick .

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-05-16 CVE Reserved
  • 2007-05-16 CVE Published
  • 2024-07-11 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (24)
URL Tag Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041%3Bmsg=88 X_refsource_confirm
http://osvdb.org/36137 Vdb Entry
http://secunia.com/advisories/25287 Third Party Advisory
http://secunia.com/advisories/25703 Third Party Advisory
http://secunia.com/advisories/26516 Third Party Advisory
http://secunia.com/advisories/27319 Third Party Advisory
http://secunia.com/advisories/27489 Third Party Advisory
http://secunia.com/advisories/39505 Third Party Advisory
http://www.securityfocus.com/bid/24052 Vdb Entry
http://www.vupen.com/english/advisories/2010/0912 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397 Signature
URL Date SRC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 2024-08-07
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041 2024-08-07
URL Date SRC
URL Date SRC
http://www.debian.org/security/2010/dsa-2036 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:129 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:208 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:209 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 2023-11-07
http://www.redhat.com/support/errata/RHSA-2009-0012.html 2023-11-07
http://www.ubuntu.com/usn/usn-501-1 2023-11-07
http://www.ubuntu.com/usn/usn-501-2 2023-11-07
https://access.redhat.com/security/cve/CVE-2007-2721 2009-02-11
https://bugzilla.redhat.com/show_bug.cgi?id=346501 2009-02-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jasper Jpeg-2000
Search vendor "Jasper Jpeg-2000"
 Jasper Jpeg-2000
Search vendor "Jasper Jpeg-2000" for product "Jasper Jpeg-2000"
 <= 1.701.1
Search vendor "Jasper Jpeg-2000" for product "Jasper Jpeg-2000" and version " <= 1.701.1"
-
Affected