CVE-2024-31744

EUVD-2024-29617
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jasper
focal
dne
jammy
dne
mantic
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5
https://github.com/jasper-software/jasper/issues/381
https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5
https://github.com/jasper-software/jasper/issues/381