Lucene search

[email protected]CVE-2007-2721

HistoryMay 16, 2007 - 8:30 p.m.

CVE-2007-2721

2007-05-1620:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2721

jpc_qcx_getcompparms

jpc_cs.c

libjasper

denial of service

crash

heap corruption

image files

remote exploit

nvd

vulnerability

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.069 Low

EPSS

Percentile

93.9%

JSON

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

CPENameOperatorVersion
jasper_jpeg-2000:jasper_jpeg-2000jasper jpeg-2000le1.701.1

CPE	Name	Operator	Version
jasper_jpeg-2000:jasper_jpeg-2000	jasper jpeg-2000	le	1.701.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033

bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041

bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041%3Bmsg=88

osvdb.org/36137

secunia.com/advisories/25287

secunia.com/advisories/25703

secunia.com/advisories/26516

secunia.com/advisories/27319

secunia.com/advisories/27489

secunia.com/advisories/39505

www.debian.org/security/2010/dsa-2036

www.mandriva.com/security/advisories?name=MDKSA-2007:129

www.mandriva.com/security/advisories?name=MDKSA-2007:208

www.mandriva.com/security/advisories?name=MDKSA-2007:209

www.mandriva.com/security/advisories?name=MDVSA-2009:142

www.mandriva.com/security/advisories?name=MDVSA-2009:164

www.redhat.com/support/errata/RHSA-2009-0012.html

www.securityfocus.com/bid/24052

www.ubuntu.com/usn/usn-501-1

www.ubuntu.com/usn/usn-501-2

www.vupen.com/english/advisories/2010/0912

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.069 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2007-2721

openvas29 nessus14 ubuntu2 securityvulns2 prion1 veracode1 debiancve1 ubuntucve1 fedora1 centos1 oraclelinux1 redhat1 debian1