CVE-2017-13752

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Summary:

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Reference Links(if available):

  • https://bugzilla.redhat.com/show_bug.cgi?id=1485276
  • http://www.securityfocus.com/bid/100514
  • https://security.gentoo.org/glsa/201908-03
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

    v3: / HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)