VDB
CVE-2024-31744
CVE-2024-31744
PUBLISHED
CVSS 8.699999809265137 HIGH
Es existiert eine Schwachstelle in JasPer. Diese ist auf einen Fehler in der Funktion "jpc_streamlist_remove" zurückzuführen, durch den ein Absturz ausgelöst werden kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.
EPSS 0.03% · 10.9th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.03%
10.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications 24.2.2 | |
| Oracle | Oracle Communications 17.0.1 | |
| Oracle | Oracle Communications 25.1.100 | |
| Oracle | Oracle Communications 24.3.0 | |
| Oracle | Oracle Communications 10.0.0 | |
| Oracle | Oracle Communications 24.2.1 | |
| Oracle | Oracle Communications 24.2.5 | |
| Oracle | Oracle Communications 9.1.0 | |
| Oracle | Oracle Communications 4.1.0 | |
| Oracle | Oracle Communications <=23.4.5 | |
| Oracle | Oracle Communications <=23.4.6 | |
| Oracle | Oracle Communications 9.1.1.3.0 | |
| Open Source | Open Source JasPer 4.2.2 | |
| Oracle | Oracle Communications 22.4.0 | |
| Oracle | Oracle Communications 5.2 | |
| Oracle | Oracle Communications 9.1.1.9.0 | |
| Oracle | Oracle Communications 23.4.0 | |
| SUSE | SUSE Linux | |
| Oracle | Oracle Communications 12.6.1.0.0 | |
| Oracle | Oracle Communications 9.1.5 |
…and 33 more
Timeline
- Apr 19, 2024 CVE Published
- Apr 20, 2024 EPSS Score
- May 15, 2024 EPSS Score
- Jun 9, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
- Jul 29, 2024 EPSS Score
- Aug 2, 2024 CVE Updated
- Aug 23, 2024 EPSS Score
- Sep 16, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 11, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0937.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0937 advisory
- https://github.com/jasper-software/jasper/issues/381 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-31744 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-April/018403.html advisory
- https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6P4UG4H5NVS7HCSSSBJTNPEBHMITTTOO/ advisory
- https://www.dell.com/support/kbdoc/de-de/000230678/dsa-2024-412-security-update-for-dell-ecs-3-8-1-2-multiple-third-party-component-vulnerabilities advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3195.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3195 advisory
- https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixCGBU advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1559.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1559 advisory
- https://www.oracle.com/security-alerts/cpujul2025.html#AppendixCGBU advisory
- https://www.ibm.com/support/pages/node/7259752 advisory