CVE-2008-3520

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

References

http://bugs.gentoo.org/show_bug.cgi?id=222819

http://rhn.redhat.com/errata/RHSA-2015-0698.html

http://secunia.com/advisories/33173

http://secunia.com/advisories/34391

http://security.gentoo.org/glsa/glsa-200812-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:142

http://www.mandriva.com/security/advisories?name=MDVSA-2009:144

http://www.mandriva.com/security/advisories?name=MDVSA-2009:164

http://www.redhat.com/support/errata/RHSA-2009-0012.html

http://www.securityfocus.com/bid/31470

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

http://www.ubuntu.com/usn/USN-742-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/45621

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141

Details

Source: MITRE

Published: 2008-10-02

Updated: 2017-09-29

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
86663Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)NessusSlackware Local Security Checks
critical
81969RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)NessusRed Hat Local Security Checks
low
67788Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012)NessusOracle Linux Local Security Checks
high
66012FreeBSD : jasper -- buffer overflow (8ff84335-a7da-11e2-b3f5-003067c2616f)NessusFreeBSD Local Security Checks
critical
60534Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
57436Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1)NessusUbuntu Local Security Checks
critical
43020Mandriva Linux Security Advisory : netpbm (MDVSA-2009:317)NessusMandriva Local Security Checks
critical
42997Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311)NessusMandriva Local Security Checks
critical
42275Fedora 11 : jasper-1.900.1-13.fc11 (2009-10761)NessusFedora Local Security Checks
critical
42274Fedora 10 : jasper-1.900.1-13.fc10 (2009-10737)NessusFedora Local Security Checks
critical
41255SuSE9 Security Update : jasper (YOU Patch Number 12295)NessusSuSE Local Security Checks
critical
39995openSUSE Security Update : jasper (jasper-303)NessusSuSE Local Security Checks
critical
39562Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144)NessusMandriva Local Security Checks
critical
39552Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1)NessusMandriva Local Security Checks
critical
37359Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1)NessusUbuntu Local Security Checks
critical
35652RHEL 4 / 5 : netpbm (RHSA-2009:0012)NessusRed Hat Local Security Checks
high
35650CentOS 4 : netpbm (CESA-2009:0012)NessusCentOS Local Security Checks
high
35189GLSA-200812-18 : JasPer: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
critical
34982openSUSE 10 Security Update : jasper (jasper-5771)NessusSuSE Local Security Checks
critical
34968SuSE 10 Security Update : jasper (ZYPP Patch Number 5782)NessusSuSE Local Security Checks
critical