CVE-2018-19139

Published: Nov 9, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

Affected (3)

Products: Jasper Project: Jasper · Redhat: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Version 2.0.14

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Fedora	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-772

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/105956

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/mdadams/jasper/issues/188

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html