CVE-2025-8837
JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
Hiervon betroffen ist die Funktion jpc_dec_dump der Datei src/libjasper/jpc/jpc_dec.c der Komponente JPEG2000 File Handler. Durch Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als 8308060d3fbc1da10353ac8a95c8ea60eba9c25a bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
| 2025-08-10: | Advisory disclosed |
| 2025-08-10: | VulDB entry created |
| 2025-08-10: | VulDB entry last update |
rootsec (VulDB User)
vuldb.com/?id.319371 (VDB-319371 | JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free)
vuldb.com/?ctiid.319371 (VDB-319371 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.630487 (Submit #630487 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free)
vuldb.com/?submit.630488 (Submit #630488 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free (Duplicate))
github.com/jasper-software/jasper/issues/402
drive.google.com/...7mMT7IbTN2Bmo6SrujIUh24/view?usp=sharing
github.com/...ommit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a
Support options
