Detections
Analytics
Alpine: multiple jasper packages: security update to 1.900.1-r9 (deprecated)
medium Tenable Self-Hosted Container Security Plugin ID 401119
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote
attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. (CVE-2015-5203)
See Also
https://git.alpinelinux.org/aports/commit/?id=2b2d458b50da34ebb2659bbdcaecac89f7945dd6
https://git.alpinelinux.org/aports/commit/?id=ee0854478ac13a09a35a848e82d9bd24e60b3468
Plugin Details
Severity: Medium
ID: 401119
Version: Revision 1.23
Type: Local
Published: 8/16/2023
Updated: 6/29/2026
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2015-5203
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 9/21/2015
Vulnerability Publication Date: 8/24/2015
Reference Information
CVE: CVE-2015-5203
BID: 76459