JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jasper | Jasper_project | 2.0.12 (including) | 2.0.12 (including) |
| Red Hat Enterprise Linux 7 | RedHat | jasper-0:1.900.1-33.el7 | * |
| Jasper | Ubuntu | esm-infra/xenial | * |
| Jasper | Ubuntu | trusty | * |
| Jasper | Ubuntu | xenial | * |
| Jasper | Ubuntu | yakkety | * |
Potential Mitigations
References
- http://www.openwall.com/lists/oss-security/2017/03/06/1
- http://www.securityfocus.com/bid/96595
- https://access.redhat.com/errata/RHSA-2018:3253
- https://access.redhat.com/errata/RHSA-2018:3505
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
- https://security.gentoo.org/glsa/201908-03
- https://usn.ubuntu.com/3693-1/
- http://www.openwall.com/lists/oss-security/2017/03/06/1
- http://www.securityfocus.com/bid/96595
- https://access.redhat.com/errata/RHSA-2018:3253
- https://access.redhat.com/errata/RHSA-2018:3505
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
- https://security.gentoo.org/glsa/201908-03
- https://usn.ubuntu.com/3693-1/