CVE-2023-51257 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Affected Products (NVD)

Vendor	Product	Version
jasper_project	jasper	𝑥 ≤ 4.1.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jasper

bionic	ignored
focal	dne
jammy	dne
lunar	dne
mantic	dne
noble	dne
oracular	dne
trusty	ignored
xenial	needs-triage

netpbm-free

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	ignored
xenial	needs-triage

opencpn

bionic	ignored
focal	needs-triage
jammy	needs-triage
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	ignored
xenial	ignored

openSUSE / SLES Releases

openSUSE Product

Release

libjasper-devel

suse enterprise desktop 15 SP6	4.2.8-150600.4.5.1 fixed
suse enterprise desktop 15 SP7	4.2.8-150600.4.5.1 fixed
suse enterprise sap 15 SP6	4.2.8-150600.4.5.1 fixed
suse enterprise sap 15 SP7	4.2.8-150600.4.5.1 fixed
suse enterprise server 15 SP6	4.2.8-150600.4.5.1 fixed
suse enterprise server 15 SP7	4.2.8-150600.4.5.1 fixed

libjasper1

suse enterprise sap 12 SP5	1.900.14-195.37.1 fixed
suse enterprise server 12 SP3	1.900.14-195.37.1 fixed
suse enterprise server 12 SP5	1.900.14-195.37.1 fixed

libjasper1-32bit

suse enterprise sap 12 SP5	1.900.14-195.37.1 fixed
suse enterprise server 12 SP3	1.900.14-195.37.1 fixed
suse enterprise server 12 SP5	1.900.14-195.37.1 fixed

libjasper7

suse enterprise desktop 15 SP6	4.2.8-150600.4.5.1 fixed
suse enterprise desktop 15 SP7	4.2.8-150600.4.5.1 fixed
suse enterprise sap 15 SP6	4.2.8-150600.4.5.1 fixed
suse enterprise sap 15 SP7	4.2.8-150600.4.5.1 fixed
suse enterprise server 15 SP6	4.2.8-150600.4.5.1 fixed
suse enterprise server 15 SP7	4.2.8-150600.4.5.1 fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://github.com/jasper-software/jasper/issues/367

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNTGL7I5IJSQ4BZ5MGKWJPQYICUMHQ5I/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBF5KYWCZVIDMITRX7GBVWGNWKAMQORZ/

https://github.com/jasper-software/jasper/issues/367

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNTGL7I5IJSQ4BZ5MGKWJPQYICUMHQ5I/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBF5KYWCZVIDMITRX7GBVWGNWKAMQORZ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNTGL7I5IJSQ4BZ5MGKWJPQYICUMHQ5I/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MBF5KYWCZVIDMITRX7GBVWGNWKAMQORZ/