JasPer CVE-2018-20584 Denial of Service Vulnerability

JasPer is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

JasPer 2.0.14 and prior are vulnerable.

Information

Bugtraq ID: 106356
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-20584

Remote: Yes
Local: No
Published: Dec 30 2018 12:00AM
Updated: Dec 30 2018 12:00AM
Credit: zerokeeper
Vulnerable: JasPer JasPer 2.0.13
JasPer JasPer 2.0.12
JasPer JasPer 2.0.10
JasPer JasPer 2.0.9
JasPer JasPer 1.900.27
JasPer JasPer 1.900.25
JasPer JasPer 1.900.20
JasPer JasPer 1.900.17
JasPer JasPer 1.900.12
JasPer JasPer 1.900.10
JasPer JasPer 1.900.5
JasPer JasPer 1.900.4
JasPer JasPer 1.900.3
JasPer JasPer 1.900.2
JasPer JasPer 2.0.6
JasPer JasPer 2.0.5
JasPer JasPer 2.0.14
JasPer JasPer 2.0.0
JasPer JasPer 1.900.8
JasPer JasPer 1.900.29
JasPer JasPer 1.900.24
JasPer JasPer 1.900.22
JasPer JasPer 1.900.18
JasPer JasPer 1.900.1
JasPer JasPer 1.900
JasPer JasPer 1.701
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
+ Ubuntu Ubuntu Linux 6.10 sparc
+ Ubuntu Ubuntu Linux 6.10 powerpc
+ Ubuntu Ubuntu Linux 6.10 i386
+ Ubuntu Ubuntu Linux 6.10 amd64
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• hang in jasper #192 (JasPer)
  
• JasPer Homepage (Micheal Adams)
  

Source: www.securityfocus.com