CVE-2018-9154
Published: 4 May 2018
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
Priority
CVSS 3 base score: 7.5
Notes
Author | Note |
---|---|
mdeslaur | as of 2018-08-03, no upstream fix |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9154
- https://drive.google.com/drive/u/2/folders/1YuxdfbZrw79kfzoQz0PpxIutZ7pkf_kW
- NVD
- Launchpad
- Debian