CVE-2008-3521

2008-10-0200:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Race condition in the jas_stream_tmpfile function in
libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a
denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX
temporary file, which causes Jasper to exit. NOTE: this was originally
reported as a symlink issue, but this was incorrect. NOTE: some vendors
dispute the severity of this issue, but it satisfies CVE’s requirements for
inclusion.

Bugs

Notes

Author	Note
kees	opened with O_EXCL
mdeslaur	ghostscript jasper already uses appropriate temp filename

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchjasper< 1.701.0-2ubuntu0.6.06.1UNKNOWN
ubuntu7.10noarchjasper< 1.900.1-3ubuntu0.7.10.1UNKNOWN
ubuntu8.04noarchjasper< 1.900.1-3ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchjasper< 1.900.1-5ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	jasper	< 1.701.0-2ubuntu0.6.06.1	UNKNOWN
ubuntu	7.10	noarch	jasper	< 1.900.1-3ubuntu0.7.10.1	UNKNOWN
ubuntu	8.04	noarch	jasper	< 1.900.1-3ubuntu0.8.04.1	UNKNOWN
ubuntu	8.10	noarch	jasper	< 1.900.1-5ubuntu0.1	UNKNOWN