Bug 1203518 - (CVE-2022-40755) VUL-0: CVE-2022-40755: jasper: denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
Assigned To: Michael Vetter
Security Team bot
https://smash.suse.de/issue/342629/
Reported: 2022-09-19 10:18 UTC by Thomas Leroy
Modified: 2022-09-19 10:20 UTC

Found By: Security Response Team


Description Thomas Leroy 2022-09-19 10:18:18 UTC
CVE-2022-40755

JasPer 3.0.6 allows denial of service via a reachable assertion in the function
inttobits in libjasper/base/jas_image.c.

Upstream issue:
https://github.com/jasper-software/jasper/issues/338

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40755
https://github.com/jasper-software/jasper/issues/338
https://www.cve.org/CVERecord?id=CVE-2022-40755
Comment 1 Thomas Leroy 2022-09-19 10:20:47 UTC
The assertion reached is very recent. None of the codestream is affected.