CVE-2022-2963 A vulnerability found in jasper

this memory leak occurs due to a memory leak in the cmdopts_parse function. When this memory leak is not fixed in time, it can cause a crash or a segmentation fault.

Affected versions:

Jasper versions 2.X.X

Jasper versions 3.X.X

Jasper versions 4.X.X
Concern:

Memory leak happens due to a specific function called cmdopts_parse in jasper. Impact of this vulnerability can be done by user’s own code. This can be done by specially crafted code such as a remote code injection.

How to Prevent Vulnerability:

Releasing a new patched version of Jasper.

Jasper Code Review Recommendation:

To prevent this vulnerability, you should review the code of jasper and make sure that it's not there.

Jasper Change Log

Jasper 2.1.0
- CVE-2022-2963
this memory leak occurs due to a memory leak in the cmdopts_parse function. When this memory leak is not fixed in time, it can cause a crash or a segmentation fault.
- Security issue fixed: CVE-2022-2963
vendor: Jasper versions 2.X.X, Jasper versions 3.X.X, Jasper versions 4.X.X

Jasper 2.X.X

Check the release notes for all of the latest updates and fixes.

Timeline

Published on: 10/14/2022 18:15:00 UTC
Last modified on: 10/18/2022 18:04:00 UTC

References

• https://github.com/jasper-software/jasper/issues/332
• https://access.redhat.com/security/cve/CVE-2022-2963
• https://bugzilla.redhat.com/show_bug.cgi?id=2118587
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2963