CVE-2018-9154

Published: 04 May 2018

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.

Priority

Negligible

CVSS 3 base score: 7.5

Status

Package Release Status
jasper
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Deferred
(2018-08-03)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was deferred [2018-08-03])