{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8837", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-10T11:14:54.230Z", "datePublished": "2025-08-11T08:02:07.784Z", "dateUpdated": "2025-08-11T19:56:29.410Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-11T08:02:07.784Z"}, "title": "JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "Use After Free"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "JasPer", "versions": [{"version": "4.2.0", "status": "affected"}, {"version": "4.2.1", "status": "affected"}, {"version": "4.2.2", "status": "affected"}, {"version": "4.2.3", "status": "affected"}, {"version": "4.2.4", "status": "affected"}, {"version": "4.2.5", "status": "affected"}], "modules": ["JPEG2000 File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Hiervon betroffen ist die Funktion jpc_dec_dump der Datei src/libjasper/jpc/jpc_dec.c der Komponente JPEG2000 File Handler. Durch Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8308060d3fbc1da10353ac8a95c8ea60eba9c25a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-08-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-10T13:20:01.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rootsec (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.319371", "name": "VDB-319371 | JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319371", "name": "VDB-319371 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.630487", "name": "Submit #630487 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.630488", "name": "Submit #630488 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jasper-software/jasper/issues/402", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/jasper-software/jasper/issues/402", "tags": ["exploit"]}, {"url": "https://vuldb.com/?submit.630488", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-11T19:56:26.199027Z", "id": "CVE-2025-8837", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T19:56:29.410Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8837", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-11T19:56:26.199027Z"}}}], "references": [{"url": "https://github.com/jasper-software/jasper/issues/402", "tags": ["exploit"]}, {"url": "https://vuldb.com/?submit.630488", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T19:46:06.281Z"}}], "cna": {"title": "JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free", "credits": [{"lang": "en", "type": "reporter", "value": "rootsec (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["JPEG2000 File Handler"], "product": "JasPer", "versions": [{"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.2.1"}, {"status": "affected", "version": "4.2.2"}, {"status": "affected", "version": "4.2.3"}, {"status": "affected", "version": "4.2.4"}, {"status": "affected", "version": "4.2.5"}]}], "timeline": [{"lang": "en", "time": "2025-08-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-10T13:20:01.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319371", "name": "VDB-319371 | JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319371", "name": "VDB-319371 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.630487", "name": "Submit #630487 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.630488", "name": "Submit #630488 | jasper imginfo JasPer Version**: 4.2.5 and the newest master Use-after-free (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jasper-software/jasper/issues/402", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Hiervon betroffen ist die Funktion jpc_dec_dump der Datei src/libjasper/jpc/jpc_dec.c der Komponente JPEG2000 File Handler. Durch Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8308060d3fbc1da10353ac8a95c8ea60eba9c25a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "Use After Free"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-11T08:02:07.784Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8837", "state": "PUBLISHED", "dateUpdated": "2025-08-11T19:56:29.410Z", "dateReserved": "2025-08-10T11:14:54.230Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-11T08:02:07.784Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en JasPer hasta la versi\u00f3n 4.2.5. Esta afecta a la funci\u00f3n jpc_dec_dump del archivo src/libjasper/jpc/jpc_dec.c del componente JPEG2000 File Handler. La manipulaci\u00f3n provoca el uso despu\u00e9s de la liberaci\u00f3n. Un ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se denomina 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-8837", "lastModified": "2025-08-11T20:15:28.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-11T08:15:26.887", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a"}, {"source": "cna@vuldb.com", "url": "https://github.com/jasper-software/jasper/issues/402"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.319371"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.319371"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.630487"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.630488"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/jasper-software/jasper/issues/402"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://vuldb.com/?submit.630488"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-416"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"created": "2025-08-12T11:47:05.467047+00:00", "updated": "2025-08-12T11:47:05.467096+00:00", "vendors": ["jasper_project", "jasper_project$PRODUCT$jasper"]}