7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
90.0%
Double free vulnerability in the jas_iccattrval_destroy function in
JasPer 1.900.1 and earlier allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via a crafted ICC
color profile in a JPEG 2000 image file.
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted JPEG 2000 image.
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1
and earlier allows remote attackers to cause a denial of service
(memory consumption) via a crafted ICC color profile in a JPEG 2000
image file.
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
90.0%