CVE-2008-3522

CVSS V2 High 10 CVSS V3 None

Description

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

Overview

CVE ID
CVE-2008-3522

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2008-10-02T18:18:05

Last Modified Date
2017-08-08T01:31:57

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:redhat:enterprise_virtualization:3.5:::::::*	1	OR
cpe:2.3:a:jasper_project:jasper:1.900.1:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
10

Severity
HIGH

Exploitability Score
10

Impact Score
10

References

Reference URL	Reference Tags
http://www.securityfocus.com/bid/31470
http://bugs.gentoo.org/show_bug.cgi?id=222819
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view	Exploit
http://security.gentoo.org/glsa/glsa-200812-18.xml
http://secunia.com/advisories/33173
http://secunia.com/advisories/34391
http://www.ubuntu.com/usn/USN-742-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
https://exchange.xforce.ibmcloud.com/vulnerabilities/45623

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-3522
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 09:06:44				Added to TrackCVE