Medium severity5.3NVD Advisory· Published Aug 11, 2025· Updated Apr 29, 2026
CVE-2025-8837
CVE-2025-8837
Description
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*range: <=4.2.5
- (no CPE)range: <=4.2.5
- osv-coords10 versionspkg:rpm/opensuse/jasper&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/jasper&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/jasper&distro=openSUSE%20Tumbleweedpkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 4.2.8-150600.4.5.1+ 9 more
- (no CPE)range: < 4.2.8-150600.4.5.1
- (no CPE)range: < 4.2.8-160000.1.1
- (no CPE)range: < 4.2.8-2.1
- (no CPE)range: < 2.0.14-150000.3.37.1
- (no CPE)range: < 2.0.14-150000.3.37.1
- (no CPE)range: < 4.2.8-150600.4.5.1
- (no CPE)range: < 4.2.8-150600.4.5.1
- (no CPE)range: < 4.2.8-160000.1.1
- (no CPE)range: < 4.2.8-160000.1.1
- (no CPE)range: < 1.900.14-195.43.1
Patches
Vulnerability mechanics
References
7- github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25anvdPatch
- drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/viewnvdExploit
- github.com/jasper-software/jasper/issues/402nvdExploitIssue TrackingVendor Advisory
- vuldb.comnvdExploitThird Party AdvisoryVDB Entry
- vuldb.comnvdExploitThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.