CVE-2022-2963

Published: Oct 14, 2022Modified: May 15, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.

Affected (4)

Products: Jasper Project: Jasper · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Version 3.0.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 36

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://access.redhat.com/security/cve/CVE-2022-2963

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2118587

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/jasper-software/jasper/issues/332

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2022-2963

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2118587

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/jasper-software/jasper/issues/332

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.