CVE-2007-2721

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88

http://osvdb.org/36137

http://secunia.com/advisories/25287

http://secunia.com/advisories/25703

http://secunia.com/advisories/26516

http://secunia.com/advisories/27319

http://secunia.com/advisories/27489

http://secunia.com/advisories/39505

http://www.debian.org/security/2010/dsa-2036

http://www.mandriva.com/security/advisories?name=MDKSA-2007:129

http://www.mandriva.com/security/advisories?name=MDKSA-2007:208

http://www.mandriva.com/security/advisories?name=MDKSA-2007:209

http://www.mandriva.com/security/advisories?name=MDVSA-2009:142

http://www.mandriva.com/security/advisories?name=MDVSA-2009:164

http://www.redhat.com/support/errata/RHSA-2009-0012.html

http://www.securityfocus.com/bid/24052

http://www.ubuntu.com/usn/usn-501-1

http://www.ubuntu.com/usn/usn-501-2

http://www.vupen.com/english/advisories/2010/0912

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397

Details

Source: MITRE

Published: 2007-05-16

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:jasper_jpeg-2000:jasper_jpeg-2000:*:*:*:*:*:*:*:* versions up to 1.701.1 (inclusive)

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
67788Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012)NessusOracle Linux Local Security Checks
high
62267Fedora 7 : jasper-1.900.1-2.fc7 (2007-0005)NessusFedora Local Security Checks
medium
60534Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
45558Debian DSA-2036-1 : jasper - programming errorNessusDebian Local Security Checks
medium
39552Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1)NessusMandriva Local Security Checks
critical
37643Mandrake Linux Security Advisory : ghostscript (MDKSA-2007:208)NessusMandriva Local Security Checks
medium
35652RHEL 4 / 5 : netpbm (RHSA-2009:0012)NessusRed Hat Local Security Checks
high
35650CentOS 4 : netpbm (CESA-2009:0012)NessusCentOS Local Security Checks
high
29506SuSE 10 Security Update : netpbm (ZYPP Patch Number 4688)NessusSuSE Local Security Checks
medium
29344openSUSE 10 Security Update : libnetpbm (libnetpbm-4694)NessusSuSE Local Security Checks
medium
28105Ubuntu 6.10 / 7.04 / 7.10 : ghostscript, gs-gpl vulnerability (USN-501-2)NessusUbuntu Local Security Checks
medium
28104Ubuntu 6.06 LTS / 6.10 / 7.04 : jasper vulnerability (USN-501-1)NessusUbuntu Local Security Checks
medium
27643Mandrake Linux Security Advisory : netpbm (MDKSA-2007:209)NessusMandriva Local Security Checks
medium
25564Mandrake Linux Security Advisory : jasper (MDKSA-2007:129)NessusMandriva Local Security Checks
medium