CVE - CVE-2007-2721

CVE-ID
CVE-2007-2721	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041 CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88 DEBIAN:DSA-2036 URL:http://www.debian.org/security/2010/dsa-2036 MANDRIVA:MDKSA-2007:129 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:129 MANDRIVA:MDKSA-2007:209 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:209 MANDRIVA:MDKSA-2007:208 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:208 MANDRIVA:MDVSA-2009:142 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:142 MANDRIVA:MDVSA-2009:164 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:164 REDHAT:RHSA-2009:0012 URL:http://www.redhat.com/support/errata/RHSA-2009-0012.html UBUNTU:USN-501-1 URL:http://www.ubuntu.com/usn/usn-501-1 UBUNTU:USN-501-2 URL:http://www.ubuntu.com/usn/usn-501-2 BID:24052 URL:http://www.securityfocus.com/bid/24052 OSVDB:36137 URL:http://osvdb.org/36137 OVAL:oval:org.mitre.oval:def:9397 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397 SECUNIA:25287 URL:http://secunia.com/advisories/25287 SECUNIA:25703 URL:http://secunia.com/advisories/25703 SECUNIA:26516 URL:http://secunia.com/advisories/26516 SECUNIA:27319 URL:http://secunia.com/advisories/27319 SECUNIA:27489 URL:http://secunia.com/advisories/27489 SECUNIA:39505 URL:http://secunia.com/advisories/39505 VUPEN:ADV-2010-0912 URL:http://www.vupen.com/english/advisories/2010/0912
Assigning CNA
N/A
Date Entry Created
20070516	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070516)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org