Your submission was sent successfully! Close

CVE-2018-9154

Published: 4 May 2018

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.

Priority

Negligible

CVSS 3 base score: 7.5

Status

Package Release Status
jasper
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist

trusty Does not exist
(trusty was deferred [2018-08-03])
upstream Needs triage

xenial Deferred
(2018-08-03)