Multiple integer overflows in the (1) jas_realloc...
Moderate severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Mar 23, 2017
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Feb 2, 2023
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
References