PT-2008-1095 · Jasper+2
Christian Weisgerber +1 · Published 2008-10-02 · Updated 2024-06-15 · CVE-2008-3522
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
JasPer versions prior to 1.900.1-r3
Description
The issue concerns multiple vulnerabilities in the JasPer package, which can be exploited remotely, potentially leading to breaches in confidentiality, integrity, and availability of protected information. A buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c may allow attackers to have an unknown impact via vectors related to the mif_hdr_put function and the use of vsprintf.
Recommendations
For JasPer versions prior to 1.900.1-r3, update to version 1.900.1-r3 or later to resolve the issue. As a temporary workaround, consider restricting access to the jas_stream_printf function until a patch is available. Avoid using the mif_hdr_put function and the vsprintf function in the affected API endpoints until the issue is resolved.
Exploit
Fix
Buffer Overflow
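The bug class named in the description, as an added example that is not JasPer's source code: a printf-style helper that formats into a fixed stack buffer with vsprintf places no bound on the output length, while the form below uses vsnprintf and allocates when the text does not fit. The names `sink_t`, `sink_write` and `sink_printf_bounded` and the 64- and 256-byte sizes are assumptions chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory output sink standing in for a stream object. */
typedef struct { char data[256]; size_t len; } sink_t;

static int sink_write(sink_t *s, const char *p, size_t n)
{
    if (n > sizeof(s->data) - s->len) return -1;   /* sink full */
    memcpy(s->data + s->len, p, n);
    s->len += n;
    return 0;
}

/* Unsafe pattern named in the description (shown for contrast, not compiled):
 *     char buf[64];
 *     vsprintf(buf, fmt, ap);   // output length unbounded: writes past buf
 */

/* Bounded form: vsnprintf never writes past buf; if the formatted text
 * does not fit, measure then allocate instead of silently truncating. */
int sink_printf_bounded(sink_t *s, const char *fmt, ...)
{
    char buf[64], *out = buf;
    va_list ap, ap2;
    int n, rc;

    va_start(ap, fmt);
    va_copy(ap2, ap);                       /* second pass needs its own list */
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0) { va_end(ap2); return -1; }  /* formatting error */
    if ((size_t)n >= sizeof buf) {          /* would not have fit in buf */
        out = malloc((size_t)n + 1);
        if (!out) { va_end(ap2); return -1; }
        vsnprintf(out, (size_t)n + 1, fmt, ap2);
    }
    va_end(ap2);
    rc = sink_write(s, out, (size_t)n);
    if (out != buf) free(out);
    return rc == 0 ? n : -1;                /* bytes written, or -1 on failure */
}
```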
Related identifiers
Affected products
Alt Linux
Jasper
Suse