CVE-2024-31744

Published: 19 April 2024

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

Priority

Status

Package	Release	Status
jasper Launchpad, Ubuntu, Debian	focal	Does not exist
	jammy	Does not exist
	mantic	Does not exist
	noble	Does not exist
	upstream	Needs triage
	xenial	Needs triage
	Patches: upstream: https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5

References

https://www.cve.org/CVERecord?id=CVE-2024-31744
NVD
Launchpad
Debian

Bugs

https://github.com/jasper-software/jasper/issues/381

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›