CVE-2024-31744

In Jasper 4.2.2, the jpcstreamlistremove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type: GIT
Repo: https://github.com/jasper-software/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6d084c53a77762f41bb5310713a5f1872fef55f5

Affected versions

Other

manual-version-mdadams-20220109-2039

manual-version-mdadams-20221103-1902

mdadams-clang-issue

mdadams-experimental-version-1

mdadams-experimental-version-2

mdadams-experimental-version-3

version-1.*

version-1.900.1

version-1.900.10

version-1.900.11

version-1.900.12

version-1.900.13

version-1.900.14

version-1.900.15

version-1.900.16

version-1.900.17

version-1.900.18

version-1.900.19

version-1.900.2

version-1.900.20

version-1.900.21

version-1.900.22

version-1.900.23

version-1.900.24

version-1.900.25

version-1.900.26

version-1.900.27

version-1.900.28

version-1.900.29

version-1.900.3

version-1.900.30

version-1.900.31

version-1.900.4

version-1.900.5

version-1.900.6

version-1.900.7

version-1.900.8

version-1.900.9

version-2.*

version-2.0.0

version-2.0.0-beta.1

version-2.0.0-beta.2

version-2.0.1

version-2.0.10

version-2.0.11

version-2.0.12

version-2.0.13

version-2.0.14

version-2.0.15

version-2.0.16

version-2.0.19

version-2.0.2

version-2.0.20

version-2.0.21

version-2.0.21-rc1

version-2.0.22

version-2.0.22-rc1

version-2.0.23

version-2.0.24

version-2.0.25

version-2.0.26

version-2.0.27

version-2.0.28

version-2.0.29

version-2.0.3

version-2.0.31

version-2.0.32

version-2.0.33

version-2.0.4

version-2.0.5

version-2.0.6

version-2.0.7

version-2.0.8

version-2.0.9

version-3.*

version-3.0.0

version-3.0.0-rc1

version-3.0.0-rc2

version-3.0.1

version-3.0.2

version-3.0.3

version-3.0.4

version-3.0.5

version-3.0.6

version-4.*

version-4.0.0

version-4.0.0-rc1

version-4.0.1

version-4.0.1-rc1

version-4.1.0

version-4.1.0-rc1

version-4.1.0-rc2

version-4.1.1

version-4.1.1-rc1

version-4.1.2

version-4.2.0

version-4.2.0-rc1

version-4.2.1

version-4.2.2

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "303081832339546079775241914365705776155",
                    "155042177096622166707048127280595433219",
                    "108443222197420485824093560400368853121",
                    "188995124371520492910687396484774343284"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/libjasper/jpc/jpc_dec.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-31744-a9fd437e"
        },
        {
            "digest": {
                "length": 1830.0,
                "function_hash": "20288970338612997191061930568466790489"
            },
            "target": {
                "function": "jpc_dec_process_sod",
                "file": "src/libjasper/jpc/jpc_dec.c"
            },
            "signature_type": "Function",
            "source": "https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-31744-cac84bbc"
        }
    ]
}