CVE-2017-1000050 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Affected Products (NVD)

Vendor	Product	Version
jasper_project	jasper	2.0.12
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	7.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jasper

artful	dne
bionic	dne
trusty	Fixed 1.900.1-14ubuntu3.5 released
xenial	Fixed 1.900.1-debian1-2.4ubuntu1.2 released
yakkety	ignored
zesty	dne

openSUSE / SLES Releases

openSUSE Product

Release

libjasper-devel

suse enterprise desktop 15 SP6	4.0.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	4.0.0-150600.2.2 fixed
suse enterprise sap 15 SP6	4.0.0-150600.2.2 fixed
suse enterprise sap 15 SP7	4.0.0-150600.2.2 fixed
suse enterprise server 15 SP6	4.0.0-150600.2.2 fixed
suse enterprise server 15 SP7	4.0.0-150600.2.2 fixed

libjasper1

suse enterprise sap 12 SP2	1.900.14-195.3.1 fixed
suse enterprise sap 12 SP3	1.900.14-195.5.1 fixed
suse enterprise sap 12 SP5	1.900.14-195.15.1 fixed
suse enterprise server 12 SP2	1.900.14-195.3.1 fixed
suse enterprise server 12 SP3	1.900.14-195.5.1 fixed
suse enterprise server 12 SP5	1.900.14-195.15.1 fixed

libjasper1-32bit

suse enterprise sap 12 SP2	1.900.14-195.3.1 fixed
suse enterprise sap 12 SP3	1.900.14-195.5.1 fixed
suse enterprise sap 12 SP5	1.900.14-195.15.1 fixed
suse enterprise server 12 SP2	1.900.14-195.3.1 fixed
suse enterprise server 12 SP3	1.900.14-195.5.1 fixed
suse enterprise server 12 SP5	1.900.14-195.15.1 fixed

libjasper7

suse enterprise desktop 15 SP6	4.0.0-150600.2.2 fixed
suse enterprise desktop 15 SP7	4.0.0-150600.2.2 fixed
suse enterprise sap 15 SP6	4.0.0-150600.2.2 fixed
suse enterprise sap 15 SP7	4.0.0-150600.2.2 fixed
suse enterprise server 15 SP6	4.0.0-150600.2.2 fixed
suse enterprise server 15 SP7	4.0.0-150600.2.2 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

jasper

RHEL 7

0:1.900.1-33.el7

fixed

jasper-devel

RHEL 7

0:1.900.1-33.el7

fixed

jasper-libs

RHEL 7

0:1.900.1-33.el7

fixed

jasper-utils

RHEL 7

0:1.900.1-33.el7

fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://www.openwall.com/lists/oss-security/2017/03/06/1

http://www.securityfocus.com/bid/96595

https://access.redhat.com/errata/RHSA-2018:3253

https://access.redhat.com/errata/RHSA-2018:3505

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/

https://security.gentoo.org/glsa/201908-03

https://usn.ubuntu.com/3693-1/

http://www.openwall.com/lists/oss-security/2017/03/06/1

http://www.securityfocus.com/bid/96595

https://access.redhat.com/errata/RHSA-2018:3253

https://access.redhat.com/errata/RHSA-2018:3505

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/

https://security.gentoo.org/glsa/201908-03

https://usn.ubuntu.com/3693-1/