{"api_version":"1","generated_at":"2026-04-23T01:52:32+00:00","cve":"CVE-2017-14132","urls":{"html":"https://cve.report/CVE-2017-14132","api":"https://cve.report/api/cve/CVE-2017-14132.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14132","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14132"},"summary":{"title":"CVE-2017-14132","description":"JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-09-04 20:29:00","updated_at":"2023-11-07 02:38:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/201908-03","name":"GLSA-201908-03","refsource":"GENTOO","tags":[],"title":"JasPer: Multiple vulnerabilities (GLSA 201908-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/","name":"FEDORA-2021-0a6290f865","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: jasper-2.0.24-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","name":"openSUSE-SU-2020:1517","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1517-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/mdadams/jasper/issues/147","name":"https://github.com/mdadams/jasper/issues/147","refsource":"MISC","tags":["Exploit","Patch","Third Party Advisory"],"title":"heap-based buffer overflow in jas_image_chclrspc(jas_image.c) · Issue #147 · mdadams/jasper · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","name":"openSUSE-SU-2020:1523","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1523-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/","name":"FEDORA-2021-0a6290f865","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: jasper-2.0.24-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/","name":"FEDORA-2021-2b151590d9","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: jasper-2.0.24-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html","name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 1583-1] jasper security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/","name":"FEDORA-2021-2b151590d9","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: jasper-2.0.24-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14132","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14132","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14132","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jasper_project","cpe5":"jasper","cpe6":"2.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14132","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jasper_project","cpe5":"jasper","cpe6":"2.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-14132","qid":"690456","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for jasper (6842ac7e-d250-11ea-b9b7-08002728f74c)"},{"cve":"CVE-2017-14132","qid":"710156","title":"Gentoo Linux JasPer Multiple Vulnerabilities (GLSA 201908-03)"},{"cve":"CVE-2017-14132","qid":"750631","title":"OpenSUSE Security Update for jasper (openSUSE-SU-2020:1523-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-14132","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html"},{"name":"https://github.com/mdadams/jasper/issues/147","refsource":"MISC","url":"https://github.com/mdadams/jasper/issues/147"},{"refsource":"GENTOO","name":"GLSA-201908-03","url":"https://security.gentoo.org/glsa/201908-03"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1517","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1523","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"},{"refsource":"FEDORA","name":"FEDORA-2021-2b151590d9","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/"},{"refsource":"FEDORA","name":"FEDORA-2021-0a6290f865","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/"}]}},"nvd":{"publishedDate":"2017-09-04 20:29:00","lastModifiedDate":"2023-11-07 02:38:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jasper_project:jasper:2.0.13:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14132","Ordinal":"111560","Title":"CVE-2017-14132","CVE":"CVE-2017-14132","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14132","Ordinal":"1","NoteData":"JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"14132","Ordinal":"2","NoteData":"2017-09-04","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14132","Ordinal":"3","NoteData":"2021-02-02","Type":"Other","Title":"Modified"}]}}}