CVE-2025-8837

low-risk
Published 2025-08-11

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Jasper Project

References (9)

Exploit https://drive.google.com/file/d/17Ic_DDOlH7mMT7IbTN2Bmo6SrujIUh24/view?usp=shari...
Patch https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea6...
Exploit https://github.com/jasper-software/jasper/issues/402
Permissions Required https://vuldb.com/?ctiid.319371
Third Party Advisory https://vuldb.com/?id.319371
Exploit https://vuldb.com/?submit.630487
Exploit https://vuldb.com/?submit.630488
Exploit https://github.com/jasper-software/jasper/issues/402
Exploit https://vuldb.com/?submit.630488
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal