PT-2024-3317 · Jasper+1 · Jasper+1

Arbuszo · Published 2024-04-19 · Updated 2024-08-19 · CVE-2024-31744

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Jasper version 4.2.2

Description

The issue is related to an assertion failure vulnerability in the jpc_streamlist_remove function, which can be exploited by attackers to cause a denial of service attack through a specific image file. This vulnerability is associated with incorrect cleanup or release of resources.

Recommendations

For Jasper version 4.2.2, consider disabling the jpc_streamlist_remove function as a temporary workaround until a patch is available. Restrict access to the jpc_dec.c module to minimize the risk of exploitation. Avoid using the vulnerable function with specially crafted image files until the issue is resolved.

Fix

DoS

Assertion Failure

Improper Resource Release

Weakness Enumeration

Related Identifiers

AZL-40000
BDU:2024-03555
CVE-2024-31744
MGASA-2024-0144
OPENSUSE-SU-2024:13878-1
OPENSUSE-SU-2024_1464-1
SUSE-SU-2024:1396-1
SUSE-SU-2024:1464-1
SUSE-SU-2024_1396-1
SUSE-SU-2024_1464-1

Affected Products

Jasper
SUSE