// For flags

CVE-2018-18873

Ubuntu Security Notice USN-4688-1

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la funciĆ³n ras_putdatastd en ras/ras_enc.c.

An update that fixes 14 vulnerabilities is now available. This update for jasper fixes the following issues. Improved patch for already fixed issue. Fixed assert in calcstepsizes. Validate component depth bit. Check bounds in jas_seq2d_bindsub. Check bounds in jas_seq2d_bindsub. Check bounds in jas_seq2d_bindsub. Fixed heap base overflow in by checking components. Fixed reachable assertion in jpc_abstorelstepsize. Fixed null pointer deref in ras_putdatastd. Fixed mem leaks by registering jpc_unk_destroyparms. Fixed numchans mixup. Fixed heap based buffer over-read in jp2_encode. Fixed memory leak in jas_malloc.c. This update was imported from the SUSE:SLE-15:Update update project.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-10-31 CVE Reserved
  • 2018-10-31 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2025-06-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jasper Project
Search vendor "Jasper Project"
 Jasper
Search vendor "Jasper Project" for product "Jasper"
 2.0.14
Search vendor "Jasper Project" for product "Jasper" and version "2.0.14"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp3, ltss
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
sp2
Affected