CVE-2008-3520

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
jasper_projectjasper
1.900.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bullseye
9.53.3~dfsg-7+deb11u7
fixed
lenny
not-affected
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
sid
10.04.0~dfsg-1
fixed
trixie
10.04.0~dfsg-1
fixed
netpbm-free
bullseye
2:10.0-15.4
fixed
lenny
not-affected
bookworm
2:11.01.00-2
fixed
sid
2:11.08.01-1
fixed
trixie
2:11.08.01-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
oneiric
not-affected
natty
not-affected
maverick
Fixed 8.71.dfsg.2-0ubuntu7.1
released
lucid
Fixed 8.71.dfsg.1-0ubuntu5.4
released
hardy
Fixed 8.61.dfsg.1-1ubuntu3.4
released
jasper
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
intrepid
Fixed 1.900.1-5ubuntu0.1
released
hardy
Fixed 1.900.1-3ubuntu0.8.04.1
released
gutsy
Fixed 1.900.1-3ubuntu0.7.10.1
released
feisty
ignored
dapper
Fixed 1.701.0-2ubuntu0.6.06.1
released
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://www.redhat.com/support/errata/RHSA-2009-0012.html
http://www.securityfocus.com/bid/31470
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-742-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://www.redhat.com/support/errata/RHSA-2009-0012.html
http://www.securityfocus.com/bid/31470
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-742-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141