CVE-2008-3521

Published: 02 October 2008

Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.

Priority

Negligible

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
Upstream Needs triage

jasper
Launchpad, Ubuntu, Debian
Upstream
Released (1.900.1-5.1)
Patches:
Vendor: http://patch-tracking.debian.net/patch/series/view/jasper/1.900.1-5.1/02_security.dpatch