Intrusion Prevention

JasPer.JP2.Decode.Out.of.Bounds.Read.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in JasPer.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted JP2 file. A remote attacker can exploit this to gain access to sensitive information.

Affected Products

JasPer Project

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/mdadams/jasper/issues/140

CVE References

CVE-2017-9782