CVE-2017-14132
First published: Mon Sep 04 2017(Updated: )
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jasper Reports | =2.0.13 | |
| Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
- https://github.com/mdadams/jasper/issues/147
- https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
- https://security.gentoo.org/glsa/201908-03
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
Frequently Asked Questions
What is the severity of CVE-2017-14132?
CVE-2017-14132 has a severity rating classified as medium.
How do I fix CVE-2017-14132?
To fix CVE-2017-14132, update to a patched version of the JasPer library that addresses the vulnerability.
Which software is affected by CVE-2017-14132?
CVE-2017-14132 affects multiple versions of the JasPer library and Debian GNU/Linux 8.0.
What kind of vulnerability is CVE-2017-14132?
CVE-2017-14132 is a denial of service vulnerability affecting the JasPer image processing library.
Is CVE-2017-14132 still a risk for users?
CVE-2017-14132 can still pose a risk if unpatched versions of the affected software are in use.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/jasper project
- canonical/jasper reports
- version/jasper reports/2.0.13
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0