{"id":"CVE-2025-8835","details":"A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.","modified":"2026-04-12T22:06:19.159349Z","published":"2025-08-11T07:15:32.450Z","related":["SUSE-SU-2025:03219-1","SUSE-SU-2025:03367-1","SUSE-SU-2025:3947-1","SUSE-SU-2026:20200-1","openSUSE-SU-2025:15447-1","openSUSE-SU-2026:20138-1"],"references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.319369"},{"type":"REPORT","url":"https://github.com/jasper-software/jasper/issues/400#issuecomment-3134702772"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.319369"},{"type":"REPORT","url":"https://github.com/jasper-software/jasper/issues/400"},{"type":"FIX","url":"https://github.com/jasper-software/jasper/commit/bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52"},{"type":"EVIDENCE","url":"https://vuldb.com/?submit.622408"},{"type":"EVIDENCE","url":"https://drive.google.com/file/d/1E754R-FsFkNJp9OYtu6Dqjv47uGSVP18/view?usp=sharing"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52"}]},{"type":"GIT","repo":"https://github.com/mdadams/jasper","events":[{"introduced":"0"},{"last_affected":"849888f0a6e76bb440581d5f8c0a947a39e92aa2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.2.5"}]}}],"versions":["manual-version-mdadams-20220109-2039","manual-version-mdadams-20221103-1902","mdadams-clang-issue","version-1.900.1","version-1.900.10","version-1.900.11","version-1.900.12","version-1.900.13","version-1.900.
14","version-1.900.15","version-1.900.16","version-1.900.17","version-1.900.18","version-1.900.19","version-1.900.2","version-1.900.20","version-1.900.21","version-1.900.22","version-1.900.23","version-1.900.24","version-1.900.25","version-1.900.26","version-1.900.27","version-1.900.28","version-1.900.29","version-1.900.3","version-1.900.30","version-1.900.31","version-1.900.4","version-1.900.5","version-1.900.6","version-1.900.7","version-1.900.8","version-1.900.9","version-2.0.0","version-2.0.0-beta.1","version-2.0.0-beta.2","version-2.0.1","version-2.0.10","version-2.0.11","version-2.0.12","version-2.0.13","version-2.0.14","version-2.0.15","version-2.0.16","version-2.0.19","version-2.0.2","version-2.0.20","version-2.0.21","version-2.0.21-rc1","version-2.0.22","version-2.0.22-rc1","version-2.0.23","version-2.0.24","version-2.0.25","version-2.0.26","version-2.0.27","version-2.0.28","version-2.0.29","version-2.0.3","version-2.0.31","version-2.0.32","version-2.0.33","version-2.0.4","version-2.0.5","version-2.0.6","version-2.0.7","version-2.0.8","version-2.0.9","version-3.0.0","version-3.0.0-rc1","version-3.0.0-rc2","version-3.0.1","version-3.0.2","version-3.0.3","version-3.0.4","version-3.0.5","version-3.0.6","version-4.0.0","version-4.0.0-rc1","version-4.0.1","version-4.0.1-rc1","version-4.1.0","version-4.1.0-rc1","version-4.1.0-rc2","version-4.1.1","version-4.1.1-rc1","version-4.1.2","version-4.2.0","version-4.2.0-rc1","version-4.2.1","version-4.2.2","version-4.2.3","version-4.2.4","version-4.2.5"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":[],"threshold":0.9},"source":"https
://github.com/jasper-software/jasper/commit/bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52","target":{"file":"src/libjasper/base/jas_image.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2025-8835-55b7e283","deprecated":false},{"digest":{"function_hash":"300783845551430023567839453561778296302","length":4184},"source":"https://github.com/jasper-software/jasper/commit/bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52","target":{"function":"jas_image_chclrspc","file":"src/libjasper/base/jas_image.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2025-8835-91536279","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8835.json","vanir_signatures_modified":"2026-04-12T22:06:19Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}