|Description||Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: local)|
Vulnerable and fixed packages
The table below lists information on source packages.
|jasper (PTS)||wheezy (security), wheezy||1.900.1-13+deb7u4||fixed|
|stretch, sid, jessie (security), jessie||1.900.1-debian1-2.4+deb8u1||fixed|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
file is opened with O_EXCL even if tmpnam is used in this case