CVE Vulnerabilities

CVE-2007-2721

Published: May 16, 2007 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

Affected Software

Name Vendor Start Version End Version
Jasper_jpeg-2000 Jasper_jpeg-2000 * 1.701.1 (including)
Red Hat Enterprise Linux 4 RedHat netpbm-0:10.25-2.1.el4_7.4 *
Red Hat Enterprise Linux 5 RedHat netpbm-0:10.35-6.1.el5_3.1 *
Ghostscript Ubuntu gutsy *
Ghostscript Ubuntu upstream *
Gs-gpl Ubuntu edgy *
Gs-gpl Ubuntu feisty *
Jasper Ubuntu dapper *
Jasper Ubuntu devel *
Jasper Ubuntu edgy *
Jasper Ubuntu feisty *
Jasper Ubuntu upstream *

References