| Vulnerability Name: | CVE-2007-2721 (CCN-34381) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2007-03-01 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2007-03-01 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Exploit, Vendor Advisory http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 Source: CCN Type: Debian Bug report logs - #413041 jasper: Heap corruption on malformed image input. Source: CONFIRM Type: Exploit, Vendor Advisory http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041 Source: CONFIRM Type: Exploit, Vendor Advisory http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88 Source: MITRE Type: CNA CVE-2007-2721 Source: OSVDB Type: UNKNOWN 36137 Source: CCN Type: RHSA-2009-0012 Moderate: netpbm security update Source: CCN Type: SA25287 JasPer "jpc_qcx_getcompparms" Denial of Service Source: SECUNIA Type: UNKNOWN 25287 Source: SECUNIA Type: UNKNOWN 25703 Source: SECUNIA Type: UNKNOWN 26516 Source: SECUNIA Type: UNKNOWN 27319 Source: SECUNIA Type: UNKNOWN 27489 Source: SECUNIA Type: UNKNOWN 39505 Source: CCN Type: ASA-2009-060 netpbm security update (RHSA-2009-0012) Source: DEBIAN Type: UNKNOWN DSA-2036 Source: DEBIAN Type: DSA-2036 jasper -- programming error Source: CCN Type: JasPer Web page The JasPer Project Home Page Source: MANDRIVA Type: UNKNOWN MDKSA-2007:129 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:208 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:209 Source: MANDRIVA Type: UNKNOWN MDVSA-2009:142 Source: MANDRIVA Type: UNKNOWN MDVSA-2009:164 Source: CCN Type: OSVDB ID: 36137 JasPer jpc/jpc_cs.c jpc_qcx_getcompparms Function Imagine Handling DoS Source: REDHAT Type: UNKNOWN RHSA-2009:0012 Source: BID Type: UNKNOWN 24052 Source: CCN Type: BID-24052 JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability Source: CCN Type: TLSA-2007-39 Jasper denial of service Source: CCN Type: USN-501-1 jasper vulnerability Source: UBUNTU Type: UNKNOWN USN-501-1 Source: CCN Type: USN-501-2 Ghostscript vulnerability Source: UBUNTU Type: UNKNOWN USN-501-2 Source: VUPEN Type: UNKNOWN ADV-2010-0912 Source: XF Type: UNKNOWN jasper-jpcqcxgetcompparms-dos(34381) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9397 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||