CVE-2025-8835

Name
CVE-2025-8835
Description
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://drive.google.com/file/d/1E754R-FsFkNJp9OYtu6Dqjv47uGSVP18/view?usp=sharing
patch https://github.com/jasper-software/jasper/commit/bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52
issue-tracking https://github.com/jasper-software/jasper/issues/400
issue-tracking https://github.com/jasper-software/jasper/issues/400#issuecomment-3134702772
signature https://vuldb.com/?ctiid.319369
vdb-entry https://vuldb.com/?id.319369
third-party-advisory https://vuldb.com/?submit.622408

Match rules

CPE URI Source package Min version Max version
jasper == 4.2.0 == 4.2.0
jasper == 4.2.1 == 4.2.1
jasper == 4.2.2 == 4.2.2
jasper == 4.2.3 == 4.2.3
jasper == 4.2.4 == 4.2.4
jasper == 4.2.5 == 4.2.5
cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:* jasper >= None <= 4.2.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
jasper edge-community 4.2.5-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
jasper edge-community 4.2.4-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
jasper 3.22-community 4.2.4-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable