CVE-2007-2721 — jasper - denial of service

Description

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

How to fix CVE-2007-2721

To remediate CVE-2007-2721, upgrade the affected package to a fixed version below.

Debian/ghostscript—upgrade to 8.61.dfsg.1~svn8187-1.1 or later
Debian/jasper—upgrade to 1.900.1-5.1+lenny1 or later

Is CVE-2007-2721 being exploited?

Moderate — EPSS is 14.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 8.61.dfsg.1~svn8187-1.1
from 0, < 1.900.1-5.1+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2721