CVE-2015-8751

HIGH · 8.8 CVSS 3.1
Published Feb 17, 2020 · Modified Jun 17, 2026

Description

Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.

CVSS Details

Base Score: 8.8
Exploitability: 2.8
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-190: Integer Overflow or Wraparound (Numeric Error)

Affected Products 1

Vendor            Product   Version   Range
jasper_project    jasper    *         <1.900.4

References 7

  • openwall.com http://www.openwall.com/lists/oss-security/2016/01/07/10
    Exploit, Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/01/08/2
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/01/11/3
    Mailing List, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/80035
    Third Party Advisory, VDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1294039
    Exploit, Issue Tracking, Third Party Advisory
  • lists.apache.org https://lists.apache.org/thread.html/re28d4c3c5b77138de47bf5b2ad04886d9104eb74ae3594e5f7254318%40%3Cdev.tomcat.apache.org%3E
    Mailing List, Vendor Advisory
  • lists.apache.org https://lists.apache.org/thread.html/rf15130c7b5f703664ce57a97934ffb8cc6065cbb1bf678dca8651519%40%3Cdev.tomcat.apache.org%3E
    Mailing List, Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.