CVE-2018-19542 - OpenCVE

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Leap
Suse	Linux Enterprise Desktop Linux Enterprise Server
Canonical	Ubuntu Linux
Debian	Debian Linux
Jasper Project	Jasper

Configuration 1 [-]

cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp2::::::

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html	Mailing List Third Party Advisory
https://github.com/mdadams/jasper/issues/182	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-11-26T03:00:00

Updated: 2020-04-15T21:06:45

Reserved: 2018-11-25T00:00:00

Link: CVE-2018-19542

JSON object: View

NVD Information

Status : Modified

Published: 2018-11-26T03:29:00.423

Modified: 2020-04-15T21:15:23.700

Link: CVE-2018-19542

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T21:06:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mdadams/jasper/issues/182"}, {"name": "openSUSE-SU-2019:1315", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19542", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"}, {"name": "https://github.com/mdadams/jasper/issues/182", "refsource": "MISC", "url": "https://github.com/mdadams/jasper/issues/182"}, {"name": "openSUSE-SU-2019:1315", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19542", "datePublished": "2018-11-26T03:00:00", "dateReserved": "2018-11-25T00:00:00", "dateUpdated": "2020-04-15T21:06:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jasper_project:jasper:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9EB314A7-DB3A-487E-8B8D-466B20DFB92F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "matchCriteriaId": "C1DCD75C-9775-4922-8A44-C4707C640946", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "55242557-663C-4870-A439-4C8FEEB69E7F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*", "matchCriteriaId": "F84B2729-7B52-4505-9656-1BD31B980705", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service."}, {"lang": "es", "value": "Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la funci\u00f3n jp2_decode en libjasper/jp2/jp2_dec.c, provocando una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-19542", "lastModified": "2020-04-15T21:15:23.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-26T03:29:00.423", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mdadams/jasper/issues/182"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}