CVE-2018-19541
First published: Mon Nov 26 2018(Updated: )
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jasper Project Jasper | =2.0.14 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| SUSE Linux Enterprise Desktop | =12-sp3 | |
| SUSE Linux Enterprise Desktop | =12-sp4 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Server | =12-sp1 | |
| SUSE Linux Enterprise Server | =12-sp2 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html
- https://github.com/mdadams/jasper/issues/182
- https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Frequently Asked Questions
What is the severity of CVE-2018-19541?
The severity of CVE-2018-19541 is high with a severity value of 8.8.
Which software versions are affected by CVE-2018-19541?
Jasper Project Jasper version 2.0.14, Canonical Ubuntu Linux 14.04 and 16.04, SUSE Linux Enterprise Desktop 12-sp3 and 12-sp4, SUSE Linux Enterprise Server 11-sp3 and 11-sp4, SUSE Linux Enterprise Server 12-sp1 and 12-sp2, and Debian Debian Linux 8.0 are affected.
How can I fix the vulnerability in Jasper Project Jasper version 2.0.14?
Update Jasper Project Jasper to a version that is not affected by CVE-2018-19541.
Are there any references for more information on CVE-2018-19541?
Yes, you can find more information on CVE-2018-19541 at the following references: [1](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html), [2](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html), [3](https://github.com/mdadams/jasper/issues/182).
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-19541?
The CWE ID for CVE-2018-19541 is CWE-125.
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/jasper project
- canonical/jasper project jasper
- version/jasper project jasper/2.0.14
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12-sp3
- version/suse linux enterprise desktop/12-sp4
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- version/suse linux enterprise server/11-sp4
- version/suse linux enterprise server/12-sp1
- version/suse linux enterprise server/12-sp2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0