7.2

CVE-2008-3521

Exploit
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit.  NOTE: this was originally reported as a symlink issue, but this was incorrect.  NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jasper ProjectJasper Version1.900.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.36
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://secunia.com/advisories/34391
http://www.securityfocus.com/bid/31470
http://www.ubuntu.com/usn/USN-742-1
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521
https://exchange.xforce.ibmcloud.com/vulnerabilities/45622