Vulnerability Description
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jasper Project | Jasper | <= 4.2.5 |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view?usp=shariExploit
- https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea6Patch
- https://github.com/jasper-software/jasper/issues/402ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.319371Permissions RequiredVDB Entry
- https://vuldb.com/?id.319371Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.630487ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/?submit.630488ExploitThird Party AdvisoryVDB Entry
- https://github.com/jasper-software/jasper/issues/402ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?submit.630488ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2025-8837?
CVE-2025-8837 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to u...
How severe is CVE-2025-8837?
CVE-2025-8837 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8837?
Check the references section above for vendor advisories and patch information. Affected products include: Jasper Project Jasper.