Bugzilla – Bug 1223155
VUL-0: CVE-2024-31744: jasper: denial of service through assertion failure in jpc_streamlist_remove function of src/libjasper/jpc/jpc_dec.c
Last modified: 2024-05-17 09:23:08 UTC
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31744 https://www.cve.org/CVERecord?id=CVE-2024-31744 https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5 https://github.com/jasper-software/jasper/issues/381
This is an autogenerated message for OBS integration: This bug (1223155) was mentioned in https://build.opensuse.org/request/show/1169268 Factory / jasper
SUSE-SU-2024:1396-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1223155 CVE References: CVE-2024-31744 Maintenance Incident: [SUSE:Maintenance:33540](https://smelt.suse.de/incident/33540/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): jasper-1.900.14-195.40.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): jasper-1.900.14-195.40.1 SUSE Linux Enterprise Server 12 SP5 (src): jasper-1.900.14-195.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): jasper-1.900.14-195.40.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.