QwikSec

Security Database

CVE

CWE

Training

CVE-2025-8836

Published: Aug 11, 2025

Modified: Aug 12, 2025

PUBLISHED

CVSS v3.1

3.3

LOW

Description

A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
n/a	JasPer	affected `4.2.0` affected `4.2.1` affected `4.2.2` affected `4.2.3` affected `4.2.4` +1 more versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

VDB-319370 | JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion

vdb-entry

technical-description

VDB-319370 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #622409 | JasPer The newest master && jasper-4.2.5 Assertion Failure

third-party-advisory

https://github.com/jasper-software/jasper/issues/401

issue-tracking

https://drive.google.com/file/d/1pPgndhHh2z0lk99Wt31W-XIW3XWt8FB3/view?usp=drive_link

exploit

https://github.com/jasper-software/jasper/commit/79185d32d7a444abae441935b20ae4676b3513d4

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.