CVE-2008-3521 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-3521 PUBLISHED CVSS 7.199999809265137 HIGH

Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.

EPSS 0.04% · 11.0th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.04%

11.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
jasper_project	jasper	1.900.1

Timeline

Oct 2, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

31470 vdb
MDVSA-2009:164 vendor-advisory
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view url
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521 url
34391 third-party-advisory
MDVSA-2009:142 vendor-advisory
USN-742-1 vendor-advisory
http://bugs.gentoo.org/show_bug.cgi?id=222819 url
jasper-jasstreamtmpfile-symlink(45622) vdb
https://nvd.nist.gov/vuln/detail/CVE-2008-3521 advisory

Open in Interactive Console →