PT-2025-32528 · Jasper+1 · Jasper+1

Nipc-Cxd

Publicado

2025-08-11

Atualizado

2026-01-30

CVE-2025-8836

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5

Description: A vulnerability exists in JasPer up to version 4.2.5, specifically within the JPEG2000 Encoder component. The issue resides in the jpc floorlog2 function located in the src/libjasper/jpc/jpc enc.c file. Manipulation of this function can lead to a reachable assertion. The attack requires local access. The exploit for this issue has been publicly disclosed and may be utilized.

Recommendations: JasPer versions prior to 4.2.5: Apply the patch identified as 79185d32d7a444abae441935b20ae4676b3513d4 to resolve this issue.

Exploit

Correção

Assertion Failure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-617

Identificadores relacionados

AZL-66165

AZL-66201

CVE-2025-8836

OPENSUSE-SU-2025:15447-1

OPENSUSE-SU-2026:20138-1

SUSE-SU-2025:03219-1

SUSE-SU-2025:03367-1

SUSE-SU-2025:3947-1

SUSE-SU-2025_03219-1

SUSE-SU-2025_03367-1

SUSE-SU-2026:20200-1

Produtos afetados

Jasper

Suse

PT-2025-32528 · Jasper+1 · Jasper+1

CVE-2025-8836

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36