|Description||Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, web search, more)|
|NVD severity||high (attack range: local)|
Vulnerable and fixed packages
The table below lists information on source packages.
|Source Package||Release||Version||Status|
|jasper (PTS)||squeeze, squeeze (security)||1.900.1-7+squeeze1||fixed|
|jasper (PTS)||wheezy (security), wheezy||1.900.1-13+deb7u3||fixed|
|jasper (PTS)||stretch, sid, jessie||1.900.1-debian1-2.4||fixed|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
The file is opened with O_EXCL even if tmpnam is used in this case.