Remote Denial of Service Vulnerability in JasPer 2.0.14: Reachable Abort in jpc_dec_process_sot Function

Remote Denial of Service Vulnerability in JasPer 2.0.14: Reachable Abort in jpc_dec_process_sot Function

CVE-2018-9154 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.

Learn more about our Web Application Penetration Testing UK.