CVE-2008-3520 - OpenCVE

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Jasper Project	Jasper

Configuration 1 [-]

cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=222819	Patch
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://www.redhat.com/support/errata/RHSA-2009-0012.html
http://www.securityfocus.com/bid/31470	Patch
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
http://www.ubuntu.com/usn/USN-742-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-10-02T18:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2008-08-07T00:00:00

Link: CVE-2008-3520

JSON object: View

NVD Information

Status : Modified

Published: 2008-10-02T18:18:05.743

Modified: 2017-09-29T01:31:43.537

Link: CVE-2008-3520

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "31470", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31470"}, {"name": "MDVSA-2009:164", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164"}, {"name": "MDVSA-2009:144", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144"}, {"name": "RHSA-2009:0012", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0012.html"}, {"name": "jasper-image-file-bo(45621)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45621"}, {"name": "34391", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34391"}, {"name": "oval:org.mitre.oval:def:10141", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141"}, {"name": "MDVSA-2009:142", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=222819"}, {"name": "USN-742-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-742-1"}, {"name": "RHSA-2015:0698", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"name": "33173", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33173"}, {"name": "GLSA-200812-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200812-18.xml"}, {"name": "SSA:2015-302-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-3520", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31470"}, {"name": "MDVSA-2009:164", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164"}, {"name": "MDVSA-2009:144", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144"}, {"name": "RHSA-2009:0012", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0012.html"}, {"name": "jasper-image-file-bo(45621)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45621"}, {"name": "34391", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34391"}, {"name": "oval:org.mitre.oval:def:10141", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141"}, {"name": "MDVSA-2009:142", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=222819", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=222819"}, {"name": "USN-742-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-742-1"}, {"name": "RHSA-2015:0698", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"name": "33173", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33173"}, {"name": "GLSA-200812-18", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-18.xml"}, {"name": "SSA:2015-302-02", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3520", "datePublished": "2008-10-02T18:00:00", "dateReserved": "2008-08-07T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*", "matchCriteriaId": "79C699BE-8585-4A07-88AE-E17CF17D92CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en JasPer v1.900.1 pueden permitir a atacantes dependientes de contexto tener un impacto desconocido a trav\u00e9s de ficheros de imagen manipuladas, relacionado con la multiplicaci\u00f3n de enteros para localizaciones de memoria."}], "id": "CVE-2008-3520", "lastModified": "2017-09-29T01:31:43.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-10-02T18:18:05.743", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=222819"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33173"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34391"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200812-18.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-0012.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31470"}, {"source": "secalert@redhat.com", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-742-1"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45621"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}