CVE-2018-19541
Summary
| CVE | CVE-2018-19541 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-26 03:29:00 UTC |
| Updated | 2021-01-29 21:15:00 UTC |
| Description | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Jasper Project | Jasper | 2.0.14 | All | All | All |
| Application | Jasper Project | Jasper | 2.0.14 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2019:2279-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| 10 bugs found by AFLSmart (heap buffer overflows, Null pointer dereference and assertion failures) · Issue #182 · mdadams/jasper · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| [security-announce] openSUSE-SU-2019:2282-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] [DLA 1628-1] jasper security update | MLIST | lists.debian.org | Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690456 Free Berkeley Software Distribution (FreeBSD) Security Update for jasper (6842ac7e-d250-11ea-b9b7-08002728f74c)