The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NUL…
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
The product dereferences a pointer that it expects to be valid but is NULL.
https://cwe.mitre.org/data/definitions/476.html →Open in CWE collection →The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
https://cwe.mitre.org/data/definitions/822.html →Open in CWE collection →This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.
https://capec.mitre.org/data/definitions/129.html →Open in CAPEC collection →