MiracleLinux 7 : jasper-1.900.1-33.0.2.el7.AXS7 (AXSA:2025-10995:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10995:02 advisory. CVE-2025-8837: fix use-after-free vulnerability in jpcdecdump CVEs: CVE-2025-8837 A vulnerability was identified in JasPer up to 4.2.5. This affects the...

CVE-2025-8837

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpcdecdump of the file src/libjasper/jpc/jpcdec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...

PT-2025-32530

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5 Description: A use-after-free vulnerability exists in JasPer up to version 4.2.5. The issue affects the jpc dec dump function within the JPEG2000 File Handler component, located in the file src/libjasper/jpc/jpc...