CVE-2022-2963: Missing Release of Memory after Effective Lifetime

October 14, 2022 (updated October 18, 2022)

A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.

References

access.redhat.com/security/cve/CVE-2022-2963
bugzilla.redhat.com/show_bug.cgi?id=2118587
github.com/jasper-software/jasper/issues/332
nvd.nist.gov/vuln/detail/CVE-2022-2963

Detect and mitigate CVE-2022-2963 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →