5.5

CVE-2015-5203

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version23
FedoraprojectFedora Version24
FedoraprojectFedora Version25
OpensuseLeap Version42.2
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
Opensuse ProjectLeap Version42.1
Jasper ProjectJasper Version1.900.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.93% 0.774
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://access.redhat.com/errata/RHSA-2017:1208
Third Party Advisory
https://usn.ubuntu.com/3693-1/
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201707-07
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/
http://www.openwall.com/lists/oss-security/2015/08/16/2
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1254242
Third Party Advisory
Issue Tracking