CVE-2025-8836

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5

Description: A vulnerability exists in JasPer up to version 4.2.5, specifically within the JPEG2000 Encoder component. The issue resides in the jpc floorlog2 function located in the src/libjasper/jpc/jpc enc.c file. Manipulation of this function can lead to a reachable assertion. The attack requires local access. The exploit for this issue has been publicly disclosed and may be utilized.

Recommendations: JasPer versions prior to 4.2.5: Apply the patch identified as 79185d32d7a444abae441935b20ae4676b3513d4 to resolve this issue.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

AZL-66165

AZL-66201

CVE-2025-8836

OPENSUSE-SU-2025:15447-1

OPENSUSE-SU-2026:20138-1

SUSE-SU-2025:03219-1

SUSE-SU-2025:03367-1

SUSE-SU-2025:3947-1

SUSE-SU-2025_03219-1

SUSE-SU-2025_03367-1

SUSE-SU-2026:20200-1

Affected Products

Jasper

Suse

CVE-2025-8836

Weakness Enumeration

Related Identifiers

Affected Products

References · 36