Lucene search
Ubuntu.comUB:CVE-2024-31744HistoryApr 19, 2024 - 12:00 a.m.
CVE-2024-31744
2024-04-1900:00:00
ubuntu.com
ubuntu.com
7
jasper version 4.2.2
jpc_streamlist_remove
assertion failure
vulnerability
denial of service
specific image file
bug report
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.2
Confidence
High
EPSS
0
Percentile
9.0%
In Jasper 4.2.2, the jpc_streamlist_remove function in
src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability,
allowing attackers to cause a denial of service attack through a specific
image file.
Bugs
Related
cvelist
cvelist
CVE-2024-31744
2024-04-19 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0144)
2024-04-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1396-1)
2024-05-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1464-1)
2024-08-20 00:00:00
nessus
nessus
SUSE SLES12 Security Update : jasper (SUSE-SU-2024:1396-1)
2024-04-24 00:00:00
veracode
veracode
Assertion Failure
2024-04-22 06:14:10
vulnrichment
vulnrichment
CVE-2024-31744
2024-04-19 00:00:00
osv
osv
CVE-2024-31744
2024-04-19 13:15:13
jasper-4.2.3-2.1 on GA media
2024-06-15 00:00:00
mageia
mageia
Updated jasper packages fix security vulnerability
2024-04-25 19:00:30
cve
cve
CVE-2024-31744
2024-04-19 13:15:13
nvd
nvd
CVE-2024-31744
2024-04-19 13:15:13
cbl_mariner
cbl_mariner
CVE-2024-31744 affecting package jasper for versions less than 4.2.1-2
2024-05-31 18:55:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.2
Confidence
High
EPSS
0
Percentile
9.0%
Related for UB:CVE-2024-31744