Vulnerability Details CVE-2007-2721
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041%3Bmsg=88
- http://osvdb.org/36137
- http://secunia.com/advisories/25287
- http://secunia.com/advisories/25703
- http://secunia.com/advisories/26516
- http://secunia.com/advisories/27319
- http://secunia.com/advisories/27489
- http://secunia.com/advisories/39505
- http://www.debian.org/security/2010/dsa-2036
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:129
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:208
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:209
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
- http://www.redhat.com/support/errata/RHSA-2009-0012.html
- http://www.securityfocus.com/bid/24052
- http://www.ubuntu.com/usn/usn-501-1
- http://www.ubuntu.com/usn/usn-501-2
- http://www.vupen.com/english/advisories/2010/0912
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041%3Bmsg=88
- http://osvdb.org/36137
- http://secunia.com/advisories/25287
- http://secunia.com/advisories/25703
- http://secunia.com/advisories/26516
- http://secunia.com/advisories/27319
- http://secunia.com/advisories/27489
- http://secunia.com/advisories/39505
- http://www.debian.org/security/2010/dsa-2036
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:129
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:208
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:209
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
- http://www.redhat.com/support/errata/RHSA-2009-0012.html
- http://www.securityfocus.com/bid/24052
- http://www.ubuntu.com/usn/usn-501-1
- http://www.ubuntu.com/usn/usn-501-2
- http://www.vupen.com/english/advisories/2010/0912
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397
Products affected by CVE-2007-2721
-
cpe:2.3:a:jasper_jpeg-2000:jasper_jpeg-2000:*