CVE-2025-8836

Name
CVE-2025-8836
Description
A vulnerability was found in JasPer up to 4.2.5. It affects the function jpc_floorlog2 in the file src/libjasper/jpc/jpc_enc.c of the JPEG2000 Encoder component. The manipulation leads to a reachable assertion. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. Applying the patch is recommended to fix this issue.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| exploit | https://drive.google.com/file/d/1pPgndhHh2z0lk99Wt31W-XIW3XWt8FB3/view?usp=drive_link |
| patch | https://github.com/jasper-software/jasper/commit/79185d32d7a444abae441935b20ae4676b3513d4 |
| issue-tracking | https://github.com/jasper-software/jasper/issues/401 |
| signature | https://vuldb.com/?ctiid.319370 |
| vdb-entry | https://vuldb.com/?id.319370 |
| third-party-advisory | https://vuldb.com/?submit.622409 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | jasper | == 4.2.0 | == 4.2.0 |
| | jasper | == 4.2.1 | == 4.2.1 |
| | jasper | == 4.2.2 | == 4.2.2 |
| | jasper | == 4.2.3 | == 4.2.3 |
| | jasper | == 4.2.4 | == 4.2.4 |
| | jasper | == 4.2.5 | == 4.2.5 |
| cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:* | jasper | >= None | <= 4.2.5 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| jasper | edge-community | 4.2.5-r0 | Bart Ribbers <bribbers@disroot.org> | possibly vulnerable |
| jasper | edge-community | 4.2.4-r0 | Bart Ribbers <bribbers@disroot.org> | possibly vulnerable |
| jasper | 3.22-community | 4.2.4-r0 | Bart Ribbers <bribbers@disroot.org> | possibly vulnerable |