CVE-2008-3520 : Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attac

Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.

Published 2008-10-02 18:18:06

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2008-3520

Jasper Project » Jasper » Version: 1.900.1
cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-3520

EPSS FAQ

3.00%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3520

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-3520

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3520

http://secunia.com/advisories/33173

About Secunia Research | Flexera

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:144

Mandriva

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200812-18.xml

JasPer: User-assisted execution of arbitrary code (GLSA 200812-18) — Gentoo security

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/45621

JasPer image file buffer overflow CVE-2008-3520 Vulnerability Report
http://www.redhat.com/support/errata/RHSA-2009-0012.html

Support

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:142

Mandriva

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141

404 Not Found
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606

The Slackware Linux Project: Slackware Security Advisories

CVEs referencing this url
http://secunia.com/advisories/34391

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/bid/31470

Patch

CVEs referencing this url
http://bugs.gentoo.org/show_bug.cgi?id=222819

222819 – (CVE-2008-3520) media-libs/jasper <1.900.1-r3 multiple vulnerabilities (CVE-2008-{3520,3521,3522})
Patch

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0698.html

RHSA-2015:0698 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.ubuntu.com/usn/USN-742-1

USN-742-1: JasPer vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:164

Mandriva

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-3520

Products affected by CVE-2008-3520

Exploit prediction scoring system (EPSS) score for CVE-2008-3520

CVSS scores for CVE-2008-3520

CWE ids for CVE-2008-3520

References for CVE-2008-3520