Lucene search

K

[email protected]CVE-2015-5221

HistoryJul 25, 2017 - 6:29 p.m.

CVE-2015-5221

2017-07-2518:29:00

CWE-416

[email protected]

web.nvd.nist.gov

85

cve-2015-5221

vulnerability

libjasper

denial of service

crash

jpeg 2000

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch23

OR

fedoraprojectfedoraMatch24

OR

fedoraprojectfedoraMatch25

Node

opensuseleapMatch42.2

OR

opensuseopensuseMatch13.1

OR

opensuseopensuseMatch13.2

OR

opensuse_projectleapMatch42.1

Node

jasper_projectjasperRange≤1.900.1

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq23
fedoraproject:fedorafedoraproject fedoraeq24
fedoraproject:fedorafedoraproject fedoraeq25

References

lists.opensuse.org/opensuse-updates/2016-11/msg00010.html

lists.opensuse.org/opensuse-updates/2016-11/msg00018.html

lists.opensuse.org/opensuse-updates/2016-11/msg00064.html

www.openwall.com/lists/oss-security/2015/08/20/4

access.redhat.com/errata/RHSA-2017:1208

bugzilla.redhat.com/show_bug.cgi?id=1255710

github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3

lists.debian.org/debian-lts-announce/2018/11/msg00023.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/

usn.ubuntu.com/3693-1/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

Related for CVE-2015-5221

ubuntucve1 prion1 cvelist1 veracode1 nvd1 nessus21 mageia1 freebsd1 openvas13 fedora3 osv1 debian1 cloudfoundry1 ubuntu1 redhat1 ibm2 amazon1 centos1 oraclelinux1 kitploit1