Medium severity6.5NVD Advisory· Published Sep 4, 2017· Updated Jun 17, 2026
CVE-2017-14132
CVE-2017-14132
Description
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- cpe:2.3:a:jasper_project:jasper:2.0.13:*:*:*:*:*:*:*
- osv-coords11 versionspkg:rpm/opensuse/jasper&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/jasper&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/jasper&distro=openSUSE%20Tumbleweedpkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 2.0.14-lp151.4.9.1+ 10 more
- (no CPE)range: < 2.0.14-lp151.4.9.1
- (no CPE)range: < 2.0.14-lp152.7.3.1
- (no CPE)range: < 2.0.33-1.2
- (no CPE)range: < 2.0.14-3.16.1
- (no CPE)range: < 2.0.14-3.16.1
- (no CPE)range: < 2.0.14-3.16.1
- (no CPE)range: < 2.0.14-3.16.1
- (no CPE)range: < 2.0.14-3.16.1
- (no CPE)range: < 1.900.14-195.22.1
- (no CPE)range: < 1.900.14-195.22.1
- (no CPE)range: < 1.900.14-195.22.1
Patches
Vulnerability mechanics
References
7- github.com/mdadams/jasper/issues/147nvdExploitPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00023.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/nvd
- security.gentoo.org/glsa/201908-03nvd
News mentions
0No linked articles in our index yet.