CVE-2017-13745

Published: 8/29/2017 Last updated: 8/5/2024 Reserved: 8/29/2017

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

grib

Products affected (1)

Product	Vendor	Version
n/a	n/a	Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 [fixed: After commit f6660e6d8f0d1d931359d591dbdec580fef36d36]

References (14)

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://bugzilla.redhat.com/show_bug.cgi?id=1485274
http://www.securityfocus.com/bid/100514
https://security.gentoo.org/glsa/201908-03
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://bugzilla.redhat.com/show_bug.cgi?id=1485274
http://www.securityfocus.com/bid/100514
https://security.gentoo.org/glsa/201908-03
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/