CVE-2008-3522

HIGH

Description

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

References

http://bugs.gentoo.org/attachment.cgi?id=163282&action=view

http://bugs.gentoo.org/show_bug.cgi?id=222819

http://rhn.redhat.com/errata/RHSA-2015-0698.html

http://secunia.com/advisories/33173

http://secunia.com/advisories/34391

http://security.gentoo.org/glsa/glsa-200812-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:142

http://www.mandriva.com/security/advisories?name=MDVSA-2009:144

http://www.mandriva.com/security/advisories?name=MDVSA-2009:164

http://www.securityfocus.com/bid/31470

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

http://www.ubuntu.com/usn/USN-742-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/45623

Details

Source: MITRE

Published: 2008-10-02

Updated: 2017-08-08

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (22 total)

ID	Name	Product	Family	Severity
94945	openSUSE Security Update : jasper (openSUSE-2016-1309)	Nessus	SuSE Local Security Checks	critical
94729	SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1)	Nessus	SuSE Local Security Checks	critical
94728	SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)	Nessus	SuSE Local Security Checks	critical
94601	openSUSE Security Update : jasper (openSUSE-2016-1270)	Nessus	SuSE Local Security Checks	critical
94596	openSUSE Security Update : jasper (openSUSE-2016-1263)	Nessus	SuSE Local Security Checks	critical
86663	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02)	Nessus	Slackware Local Security Checks	critical
81969	RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)	Nessus	Red Hat Local Security Checks	critical
66012	FreeBSD : jasper -- buffer overflow (8ff84335-a7da-11e2-b3f5-003067c2616f)	Nessus	FreeBSD Local Security Checks	critical
57436	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1)	Nessus	Ubuntu Local Security Checks	critical
48223	Debian DSA-2080-1 : ghostscript - several vulnerabilities	Nessus	Debian Local Security Checks	critical
43020	Mandriva Linux Security Advisory : netpbm (MDVSA-2009:317)	Nessus	Mandriva Local Security Checks	critical
42997	Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311)	Nessus	Mandriva Local Security Checks	critical
42275	Fedora 11 : jasper-1.900.1-13.fc11 (2009-10761)	Nessus	Fedora Local Security Checks	critical
42274	Fedora 10 : jasper-1.900.1-13.fc10 (2009-10737)	Nessus	Fedora Local Security Checks	critical
41255	SuSE9 Security Update : jasper (YOU Patch Number 12295)	Nessus	SuSE Local Security Checks	critical
39995	openSUSE Security Update : jasper (jasper-303)	Nessus	SuSE Local Security Checks	critical
39562	Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144)	Nessus	Mandriva Local Security Checks	critical
39552	Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1)	Nessus	Mandriva Local Security Checks	critical
37359	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1)	Nessus	Ubuntu Local Security Checks	critical
35189	GLSA-200812-18 : JasPer: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
34982	openSUSE 10 Security Update : jasper (jasper-5771)	Nessus	SuSE Local Security Checks	critical
34968	SuSE 10 Security Update : jasper (ZYPP Patch Number 5782)	Nessus	SuSE Local Security Checks	critical