Unrated severityNVD Advisory· Published May 4, 2018· Updated Aug 5, 2024
CVE-2018-9154
CVE-2018-9154
Description
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
Affected products
10- osv-coords10 versionspkg:rpm/opensuse/jasper&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/jasper&distro=openSUSE%20Tumbleweedpkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 2.0.14-lp151.4.6.1+ 9 more
- (no CPE)range: < 2.0.14-lp151.4.6.1
- (no CPE)range: < 2.0.33-1.2
- (no CPE)range: < 2.0.14-3.11.8
- (no CPE)range: < 2.0.14-3.11.8
- (no CPE)range: < 2.0.14-3.11.8
- (no CPE)range: < 2.0.14-3.11.8
- (no CPE)range: < 2.0.14-3.11.8
- (no CPE)range: < 1.900.14-195.22.1
- (no CPE)range: < 1.900.14-195.22.1
- (no CPE)range: < 1.900.14-195.22.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- security.gentoo.org/glsa/201908-03mitrevendor-advisoryx_refsource_GENTOO
- drive.google.com/drive/u/2/folders/1YuxdfbZrw79kfzoQz0PpxIutZ7pkf_kWmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuapr2020.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.