CVE-2007-2721

Summary

CVE	CVE-2007-2721
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-05-16 20:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

Risk And Classification

Primary CVSS: v2.0 4.3 from [email protected]

AV:N/AC:M/Au:N/C:N/I:N/A:P

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Jasper Jpeg-2000	Jasper Jpeg-2000	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Ubuntu update for jasper - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Mandriva update for jasper - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Support / Security / Advisories / / MDVSA-2009:164 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Debian -- Security Information -- DSA-2036-1 jasper	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
#413033 - jasper: Segfault on malformed image input. - Debian Bug report logs	af854a3a-2127-422b-91ae-364da2661108	bugs.debian.org	Exploit, Vendor Advisory
Support / Security / Advisories / / MDKSA-2007:209 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Mandriva update for netpbm - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
JasPer "jpc_qcx_getcompparms" Denial of Service - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
USN-501-1: jasper vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
Debian update for jasper - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Support / Security / Advisories / / MDKSA-2007:208 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
USN-501-2: Ghostscript vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
osvdb.org/36137	af854a3a-2127-422b-91ae-364da2661108	osvdb.org
Ubuntu update for ghostscript and gs-gpl - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
#413041 - jasper: Heap corruption on malformed image input. - Debian Bug report logs	af854a3a-2127-422b-91ae-364da2661108	bugs.debian.org
#413041 - jasper: Heap corruption on malformed image input. - Debian Bug report logs	af854a3a-2127-422b-91ae-364da2661108	bugs.debian.org	Exploit, Vendor Advisory
Support / Security / Advisories / / MDVSA-2009:142 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
#413041 - jasper: Heap corruption on malformed image input. - Debian Bug report logs	MITRE	bugs.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-10-23	Mark J Cox	Not vulnerable. This issue did not affect versions of ghostscript as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5 as they do not include a bundled JasPer library.

There are currently no legacy QID mappings associated with this CVE.