CVE-2008-3522

Description

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

References

http://bugs.gentoo.org/attachment.cgi?id=163282&action=view

http://bugs.gentoo.org/show_bug.cgi?id=222819

http://rhn.redhat.com/errata/RHSA-2015-0698.html

http://secunia.com/advisories/33173

http://secunia.com/advisories/34391

http://security.gentoo.org/glsa/glsa-200812-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:142

http://www.mandriva.com/security/advisories?name=MDVSA-2009:144

http://www.mandriva.com/security/advisories?name=MDVSA-2009:164

http://www.securityfocus.com/bid/31470

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

http://www.ubuntu.com/usn/USN-742-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/45623

Details

Source: MITRE

Published: 2008-10-02

Updated: 2017-08-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 94945 | openSUSE Security Update : jasper (openSUSE-2016-1309) | Nessus | SuSE Local Security Checks | high |
| 94729 | SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1) | Nessus | SuSE Local Security Checks | high |
| 94728 | SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1) | Nessus | SuSE Local Security Checks | high |
| 94601 | openSUSE Security Update : jasper (openSUSE-2016-1270) | Nessus | SuSE Local Security Checks | high |
| 94596 | openSUSE Security Update : jasper (openSUSE-2016-1263) | Nessus | SuSE Local Security Checks | high |
| 86663 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02) | Nessus | Slackware Local Security Checks | critical |
| 81969 | RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE) | Nessus | Red Hat Local Security Checks | low |
| 66012 | FreeBSD : jasper -- buffer overflow (8ff84335-a7da-11e2-b3f5-003067c2616f) | Nessus | FreeBSD Local Security Checks | critical |
| 57436 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1) | Nessus | Ubuntu Local Security Checks | critical |
| 48223 | Debian DSA-2080-1 : ghostscript - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 43020 | Mandriva Linux Security Advisory : netpbm (MDVSA-2009:317) | Nessus | Mandriva Local Security Checks | critical |
| 42997 | Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311) | Nessus | Mandriva Local Security Checks | critical |
| 42275 | Fedora 11 : jasper-1.900.1-13.fc11 (2009-10761) | Nessus | Fedora Local Security Checks | critical |
| 42274 | Fedora 10 : jasper-1.900.1-13.fc10 (2009-10737) | Nessus | Fedora Local Security Checks | critical |
| 41255 | SuSE9 Security Update : jasper (YOU Patch Number 12295) | Nessus | SuSE Local Security Checks | critical |
| 39995 | openSUSE Security Update : jasper (jasper-303) | Nessus | SuSE Local Security Checks | critical |
| 39562 | Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144) | Nessus | Mandriva Local Security Checks | critical |
| 39552 | Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1) | Nessus | Mandriva Local Security Checks | critical |
| 37359 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1) | Nessus | Ubuntu Local Security Checks | critical |
| 35189 | GLSA-200812-18 : JasPer: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | critical |
| 34982 | openSUSE 10 Security Update : jasper (jasper-5771) | Nessus | SuSE Local Security Checks | critical |
| 34968 | SuSE 10 Security Update : jasper (ZYPP Patch Number 5782) | Nessus | SuSE Local Security Checks | critical |