5.5

CVE-2018-18873

Exploit
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jasper ProjectJasper Version2.0.14
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version8.0
SuseLinux Enterprise Desktop Version12 Updatesp3
SuseLinux Enterprise Desktop Version12 Updatesp4
SuseLinux Enterprise Server Version11 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp4
SuseLinux Enterprise Server Version12 Updatesp1
SuseLinux Enterprise Server Version12 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.684
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
https://security.gentoo.org/glsa/201908-03
Third Party Advisory
https://github.com/mdadams/jasper/issues/184
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
Third Party Advisory
Mailing List