CVE-2018-19540

Published: 11/26/2018 Last updated: 8/5/2024 Reserved: 11/25/2018

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

grib

Products affected (1)

Product	Vendor	Version
n/a	n/a	4.0.0

References (10)

https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
https://github.com/mdadams/jasper/issues/182
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
https://github.com/mdadams/jasper/issues/182
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00025.html
https://www.oracle.com/security-alerts/cpuapr2020.html