CVE-2008-3520

HIGH

Description

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

References

http://bugs.gentoo.org/show_bug.cgi?id=222819

http://rhn.redhat.com/errata/RHSA-2015-0698.html

http://secunia.com/advisories/33173

http://secunia.com/advisories/34391

http://security.gentoo.org/glsa/glsa-200812-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:142

http://www.mandriva.com/security/advisories?name=MDVSA-2009:144

http://www.mandriva.com/security/advisories?name=MDVSA-2009:164

http://www.redhat.com/support/errata/RHSA-2009-0012.html

http://www.securityfocus.com/bid/31470

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

http://www.ubuntu.com/usn/USN-742-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/45621

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141

Details

Source: MITRE

Published: 2008-10-02

Updated: 2017-09-29

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
86663Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)NessusSlackware Local Security Checks
critical
81969RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)NessusRed Hat Local Security Checks
critical
67788Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012)NessusOracle Linux Local Security Checks
high
66012FreeBSD : jasper -- buffer overflow (8ff84335-a7da-11e2-b3f5-003067c2616f)NessusFreeBSD Local Security Checks
critical
60534Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
57436Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1)NessusUbuntu Local Security Checks
critical
43020Mandriva Linux Security Advisory : netpbm (MDVSA-2009:317)NessusMandriva Local Security Checks
critical
42997Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311)NessusMandriva Local Security Checks
critical
42275Fedora 11 : jasper-1.900.1-13.fc11 (2009-10761)NessusFedora Local Security Checks
critical
42274Fedora 10 : jasper-1.900.1-13.fc10 (2009-10737)NessusFedora Local Security Checks
critical
41255SuSE9 Security Update : jasper (YOU Patch Number 12295)NessusSuSE Local Security Checks
critical
39995openSUSE Security Update : jasper (jasper-303)NessusSuSE Local Security Checks
critical
39562Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144)NessusMandriva Local Security Checks
critical
39552Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1)NessusMandriva Local Security Checks
critical
37359Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1)NessusUbuntu Local Security Checks
critical
35652RHEL 4 / 5 : netpbm (RHSA-2009:0012)NessusRed Hat Local Security Checks
high
35650CentOS 4 : netpbm (CESA-2009:0012)NessusCentOS Local Security Checks
high
35189GLSA-200812-18 : JasPer: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
critical
34982openSUSE 10 Security Update : jasper (jasper-5771)NessusSuSE Local Security Checks
critical
34968SuSE 10 Security Update : jasper (ZYPP Patch Number 5782)NessusSuSE Local Security Checks
critical