CVE-2015-5221

Published: Jul 25, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Affected (8)

Products: Fedoraproject: Fedora · Opensuse: Leap, Opensuse · Opensuse Project: Leap · +1 more

Show all products

Fedoraproject: Fedora · Opensuse: Leap, Opensuse · Opensuse Project: Leap · Jasper Project: Jasper

1 product

2 products

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 23
Fedoraproject Fedora	Version 24
Fedoraproject Fedora	Version 25

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.2
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2
Opensuse Project Leap	Version 42.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Up to 1.900.1

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (24)

http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/08/20/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2017:1208

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1255710

Source: secalert@redhat.com

Issue TrackingPatch

https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/

Source: secalert@redhat.com

https://usn.ubuntu.com/3693-1/

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html