This vulnerability is a memory leak in the cmdopts_parse function. If the leak is not fixed in time, it can cause a crash or a segmentation fault.
Affected versions:
Jasper versions 2.X.X
Jasper versions 3.X.X
Jasper versions 4.X.X
Concern:
The memory leak is in a specific Jasper function called cmdopts_parse. The vulnerability can be triggered by the user's own code. This can be done with specially crafted code, such as a remote code injection.
How to Prevent Vulnerability:
Releasing a new patched version of Jasper.
Jasper Code Review Recommendation:
To prevent this vulnerability, review the Jasper code and make sure that the leak is not present.
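As an added illustration (not JasPer's source and not taken from the fix for this CVE), the C sketch below shows the kind of leak a review of an option-parsing function looks for: an error return that abandons heap memory, beside a form that releases it on every path. The opts_t struct, the -f and -v options, and all function names are hypothetical, and an allocation counter stands in for a leak checker.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed illustration of the bug class; not JasPer's source. */
static int live_allocs = 0;                       /* allocations not yet freed */
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
static char *dup_arg(const char *s) { char *d = xmalloc(strlen(s) + 1); if (d) strcpy(d, s); return d; }
typedef struct { char *infile; int verbose; } opts_t;   /* hypothetical options struct */
static void opts_destroy(opts_t *o) { if (o) { xfree(o->infile); xfree(o); } }
/* Leaky form: the error return abandons o and o->infile. */
opts_t *parse_leaky(int argc, char **argv) {
    opts_t *o = xmalloc(sizeof *o);
    if (!o) return NULL;
    o->infile = NULL; o->verbose = 0;
    for (int i = 1; i < argc; i++) {
        if (!strcmp(argv[i], "-v")) o->verbose = 1;
        else if (!strcmp(argv[i], "-f") && i + 1 < argc) o->infile = dup_arg(argv[++i]); /* BUG: repeated -f orphans the old copy */
        else return NULL;                         /* BUG: nothing is freed */
    }
    return o;
}

/* Hardened form: every failure path releases what was allocated. */
opts_t *parse_fixed(int argc, char **argv) {
    opts_t *o = xmalloc(sizeof *o);
    if (!o) return NULL;
    o->infile = NULL; o->verbose = 0;
    for (int i = 1; i < argc; i++) {
        if (!strcmp(argv[i], "-v")) o->verbose = 1;
        else if (!strcmp(argv[i], "-f") && i + 1 < argc) {
            xfree(o->infile);                     /* release the previous copy first */
            o->infile = dup_arg(argv[++i]);
        } else { opts_destroy(o); return NULL; }  /* unknown option: clean up */
    }
    return o;
}

/* Allocations still live after parsing argv and destroying the result. */
int leaked_after(opts_t *(*parse)(int, char **), int argc, char **argv) {
    live_allocs = 0;
    opts_destroy(parse(argc, argv));
    return live_allocs;
}
int main(void) {
    char *bad[] = { "prog", "-f", "in.jp2", "-x" };   /* constructed argv */
    printf("leaky=%d fixed=%d\n", leaked_after(parse_leaky, 4, bad), leaked_after(parse_fixed, 4, bad));
    return 0;
}
```

The same check can be made on a real binary by running it under a leak checker such as AddressSanitizer or Valgrind with an invalid command line.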
Jasper Change Log
Jasper 2.1.0
- CVE-2022-2963
- Security issue fixed: CVE-2022-2963
vendor: Jasper versions 2.X.X, Jasper versions 3.X.X, Jasper versions 4.X.X
Jasper 2.X.X
Check the release notes for all of the latest updates and fixes.
Timeline
Published on: 10/14/2022 18:15:00 UTC
Last modified on: 10/18/2022 18:04:00 UTC