Metric | Value |
---|---|
CVSS2 score | 7.2 High |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS Percentile | 5.3% |

Race condition in the jas_stream_tmpfile function in
libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a
denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX
temporary file, which causes Jasper to exit. NOTE: this was originally
reported as a symlink issue, but this was incorrect. NOTE: some vendors
dispute the severity of this issue, but it satisfies CVE’s requirements for
inclusion.
Author | Note |
---|---|
kees | opened with O_EXCL |
mdeslaur | ghostscript jasper already uses appropriate temp filename |
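
The failure mode in the description and the O_EXCL note, shown as an added example that is not JasPer's code: a temp file whose name is fixed before an `O_EXCL` open fails with `EEXIST` once the name is taken, while `mkstemp()` picks the name and creates the file in one step. The function names and the `tmp.fixedname` path are hypothetical, and the pre-created file is a constructed stand-in for the other local user.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Fragile pattern: the name is chosen before the open, so a file that already
 * exists at that path makes the O_EXCL open fail with EEXIST (no overwrite). */
int open_fixed_name(const char *path)
{
    return open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
}

/* Hardened pattern: mkstemp() generates the name and creates the file
 * exclusively in one call, trying another name if one is already in use. */
int open_private_tmp(const char *dir)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/tmp.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    int fd = mkstemp(path);
    if (fd >= 0)
        unlink(path);            /* keep only the descriptor, no name on disk */
    return fd;
}

/* Constructed scenario in a private scratch directory. Returns 1 when the
 * fixed-name open fails with EEXIST and the mkstemp-based open succeeds. */
int demo(void)
{
    char dir[] = "/tmp/jasdemo.XXXXXX";
    char fixed[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(fixed, sizeof fixed, "%s/tmp.fixedname", dir);
    int squat = open(fixed, O_CREAT | O_WRONLY, 0600);  /* name already taken */
    int bad = open_fixed_name(fixed);
    int bad_errno = errno;
    int good = open_private_tmp(dir);
    int ok = (squat >= 0 && bad == -1 && bad_errno == EEXIST && good >= 0);
    if (squat >= 0) close(squat);
    if (good >= 0) close(good);
    unlink(fixed);
    rmdir(dir);
    return ok;
}
```

A caller that treats the `EEXIST` failure as fatal gets the denial of service the entry describes; because of `O_EXCL` the existing file is never written to, which matches the correction that this is not a symlink issue.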