CVE-2017-13745
Summary
| CVE | CVE-2017-13745 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-08-29 06:29:00 UTC |
|---|
| Updated | 2023-11-07 02:38:00 UTC |
|---|
| Description | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| JasPer: Multiple vulnerabilities (GLSA 201908-03) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] Fedora 32 Update: jasper-2.0.24-1.fc32 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| 1485274 – There is a reachable assertion abort in function jpc_dec_process_sot() of JasPer that will lead to remote denial of service attack. |
MISC |
bugzilla.redhat.com |
Issue Tracking, Third Party Advisory |
| JasPer Multiple Denial of Service Vulnerabilities |
BID |
www.securityfocus.com |
|
| Oracle Critical Patch Update - January 2019 |
CONFIRM |
www.oracle.com |
|
| [SECURITY] Fedora 32 Update: jasper-2.0.24-1.fc32 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: jasper-2.0.24-1.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| Oracle Critical Patch Update Advisory - April 2020 |
N/A |
www.oracle.com |
|
| [SECURITY] Fedora 33 Update: jasper-2.0.24-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710156 Gentoo Linux JasPer Multiple Vulnerabilities (GLSA 201908-03)
