Vulnerability Description
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jasper Jpeg-2000 | Jasper Jpeg-2000 | <= 1.701.1 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033ExploitVendor Advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041ExploitVendor Advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041%3Bmsg=88
- http://osvdb.org/36137
- http://secunia.com/advisories/25287
- http://secunia.com/advisories/25703
- http://secunia.com/advisories/26516
- http://secunia.com/advisories/27319
- http://secunia.com/advisories/27489
- http://secunia.com/advisories/39505
- http://www.debian.org/security/2010/dsa-2036
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:129
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:208
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:209
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
FAQ
What is CVE-2007-2721?
CVE-2007-2721 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corr...
How severe is CVE-2007-2721?
CVE-2007-2721 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2721?
Check the references section above for vendor advisories and patch information. Affected products include: Jasper Jpeg-2000 Jasper Jpeg-2000.