CVE-2025-8836

low-risk
Published 2025-08-11

A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Jasper Project

References (7)

Exploit https://drive.google.com/file/d/1pPgndhHh2z0lk99Wt31W-XIW3XWt8FB3/view?usp=drive...
Patch https://github.com/jasper-software/jasper/commit/79185d32d7a444abae441935b20ae46...
Exploit https://github.com/jasper-software/jasper/issues/401
Permissions Required https://vuldb.com/?ctiid.319370
Third Party Advisory https://vuldb.com/?id.319370
Exploit https://vuldb.com/?submit.622409
Exploit https://github.com/jasper-software/jasper/issues/401
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal