PT-2025-32530 · Jasper+1
Rootsec · Published 2025-08-11 · Updated 2026-01-30
CVE-2025-8837
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
JasPer versions up to 4.2.5
Description:
A use-after-free vulnerability exists in JasPer up to version 4.2.5. The issue affects the jpc_dec_dump function within the JPEG2000 File Handler component, located in the file src/libjasper/jpc/jpc_dec.c. Exploitation requires local access. The exploit for this issue has been publicly disclosed.
Recommendations:
Apply the patch named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a to resolve this issue.
Exploit
Fix
Use After Free
Buffer Overflow
Affected Products
Jasper
Suse