CVE-2015-5203
jasper: integer overflow in jas_image_cmpt_create()
Public Exploits: 0
Exploited in Wild: -
Descriptions
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2015-07-01 CVE Reserved
- 2017-05-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-415: Double Free
References (13)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/08/16/2 | Mailing List | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fedoraproject | Fedora | 23 | - | Affected |
Fedoraproject | Fedora | 24 | - | Affected |
Fedoraproject | Fedora | 25 | - | Affected |
Opensuse | Leap | 42.2 | - | Affected |
Opensuse | Opensuse | 13.1 | - | Affected |
Opensuse | Opensuse | 13.2 | - | Affected |
Opensuse Project | Leap | 42.1 | - | Affected |
Jasper Project | Jasper | 1.900.17 | - | Affected |