CVE-2025-8837 JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free

🗓️ 11 Aug 2025 08:02:07Reported by VulDBType

CVE-2025-8837: JasPer JPEG2000 jpc_dec_dump use after free; local exploit; affected 4.2.5; patch

Reporter	Title	Published	Views	Family All 44
AlpineLinux	CVE-2025-8837	11 Aug 202508:15	–	alpinelinux
CBLMariner	CVE-2025-8837 affecting package jasper for versions less than 4.2.1-3	18 Sep 202515:12	–	cbl_mariner
CBLMariner	CVE-2025-8837 affecting package jasper for versions less than 2.0.32-5	3 Oct 202515:08	–	cbl_mariner
Circl	CVE-2025-8837	26 Sep 202522:48	–	circl
CNNVD	JasPer 安全漏洞	11 Aug 202500:00	–	cnnvd
CVE	CVE-2025-8837	11 Aug 202508:02	–	cve
EUVD	EUVD-2025-24131	3 Oct 202520:07	–	euvd
Tenable Nessus	MiracleLinux 7 : jasper-1.900.1-33.0.2.el7.AXS7 (AXSA:2025-10995:02)	13 Jan 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : jasper (openSUSE-SU-2026:20138-1)	4 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2025:03219-1)	16 Sep 202500:00	–	nessus

[
  {
    "vendor": "n/a",
    "product": "JasPer",
    "versions": [
      {
        "version": "4.2.0",
        "status": "affected"
      },
      {
        "version": "4.2.1",
        "status": "affected"
      },
      {
        "version": "4.2.2",
        "status": "affected"
      },
      {
        "version": "4.2.3",
        "status": "affected"
      },
      {
        "version": "4.2.4",
        "status": "affected"
      },
      {
        "version": "4.2.5",
        "status": "affected"
      }
    ],
    "modules": [
      "JPEG2000 File Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a
github	www.github.com/jasper-software/jasper/issues/402
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
drive	www.drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view

11 Aug 2025 08:02Current

CVSS 24.3

CVSS 44.8

CVSS 3.15.3

CVSS 35.3

EPSS0.00202