CVE-2008-3522

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_virtualization
3.5
jasper_projectjasper
1.900.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
bullseye
9.53.3~dfsg-7+deb11u7
fixed
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
sid
10.04.0~dfsg-1
fixed
trixie
10.04.0~dfsg-1
fixed
netpbm-free
bookworm
2:11.01.00-2
fixed
bullseye
2:10.0-15.4
fixed
sid
2:11.08.01-1
fixed
trixie
2:11.08.01-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
hardy
Fixed 8.61.dfsg.1-1ubuntu3.4
released
lucid
Fixed 8.71.dfsg.1-0ubuntu5.4
released
maverick
Fixed 8.71.dfsg.2-0ubuntu7.1
released
natty
not-affected
oneiric
not-affected
jasper
dapper
Fixed 1.701.0-2ubuntu0.6.06.1
released
feisty
ignored
gutsy
Fixed 1.900.1-3ubuntu0.7.10.1
released
hardy
Fixed 1.900.1-3ubuntu0.8.04.1
released
intrepid
Fixed 1.900.1-5ubuntu0.1
released
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libjasper-devel
suse enterprise desktop 15 SP6
4.0.0-150600.2.2
fixed
suse enterprise desktop 15 SP7
4.0.0-150600.2.2
fixed
suse enterprise sap 15 SP6
4.0.0-150600.2.2
fixed
suse enterprise sap 15 SP7
4.0.0-150600.2.2
fixed
suse enterprise server 15 SP6
4.0.0-150600.2.2
fixed
suse enterprise server 15 SP7
4.0.0-150600.2.2
fixed
libjasper1
suse enterprise sap 12 SP1
1.900.14-181.1
fixed
suse enterprise sap 12 SP2
1.900.14-181.1
fixed
suse enterprise sap 12 SP5
1.900.14-195.15.1
fixed
suse enterprise server 12 SP1
1.900.14-181.1
fixed
suse enterprise server 12 SP2
1.900.14-181.1
fixed
suse enterprise server 12 SP5
1.900.14-195.15.1
fixed
libjasper1-32bit
suse enterprise sap 12 SP1
1.900.14-181.1
fixed
suse enterprise sap 12 SP2
1.900.14-181.1
fixed
suse enterprise sap 12 SP5
1.900.14-195.15.1
fixed
suse enterprise server 12 SP1
1.900.14-181.1
fixed
suse enterprise server 12 SP2
1.900.14-181.1
fixed
suse enterprise server 12 SP5
1.900.14-195.15.1
fixed
libjasper7
suse enterprise desktop 15 SP6
4.0.0-150600.2.2
fixed
suse enterprise desktop 15 SP7
4.0.0-150600.2.2
fixed
suse enterprise sap 15 SP6
4.0.0-150600.2.2
fixed
suse enterprise sap 15 SP7
4.0.0-150600.2.2
fixed
suse enterprise server 15 SP6
4.0.0-150600.2.2
fixed
suse enterprise server 15 SP7
4.0.0-150600.2.2
fixed
Common Weakness Enumeration
References
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://www.securityfocus.com/bid/31470
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-742-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45623
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://www.securityfocus.com/bid/31470
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-742-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45623