A vulnerability was identified in JasPer up to 4.2.5. It affects the function jpc_dec_dump in the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to a use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 16 Sep 2025 19:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | `cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*` |

Tue, 12 Aug 2025 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Jasper Project; Jasper Project jasper |
| Vendors & Products | | Jasper Project; Jasper Project jasper |

Mon, 11 Aug 2025 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Mon, 11 Aug 2025 08:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue. |
| Title | | JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free |
| Weaknesses | | CWE-119, CWE-416 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}`; cvssV3_0: `{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}`; cvssV3_1: `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}`; cvssV4_0: `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-11T19:56:29.410Z

Reserved: 2025-08-10T11:14:54.230Z

Link: CVE-2025-8837

Vulnrichment

Updated: 2025-08-11T19:46:06.281Z

NVD

Status: Analyzed

Published: 2025-08-11T08:15:26.887

Modified: 2025-09-16T18:55:31.197

Link: CVE-2025-8837

Red Hat

No data.

OpenCVE Enrichment

Updated: 2025-08-12T11:47:05Z