Published: 15/02/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer prior to 1.900.4 allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jasper project jasper
debian debian linux 8.0
fedoraproject fedora 25

Synopsis Important: jasper security update Type/Severity Security Advisory: Important Topic An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scor ...

Debian Bug report logs - #841111 jasper: CVE-2016-8691 CVE-2016-8692 Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcomde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 Oct 2016 18:09:01 UTC Severity: grave Tags: patch, security, upstream Found in version jasper/1 ...

Several security issues were fixed in JasPer ...

Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed For the stable distribution (jessie), these problems have been fixed in version 19001-debian1-24+deb8u2 We recommend that you upgrade you ...

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files Aspecially crafted file could cause an application using JasPer to crash or,possibly, execute arbitrary code ( CVE-2016-8654, CVE-2016-9560, CVE-2016-10249,CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693,CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, ...

A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking imginfo command on specially crafted file ...

Automated Patch transplantation tool for C programs

PatchWeave Semantic based patch transplantation tool for C programs PatchWeave transplants patches across programs which are semantically equivalent but syntactically different, to fix bugs/vulnerabilities that exist across multiple programs (ie recurring vulnerabilities) Docker Image PatchWeave is distributed in source code form and pre-installed in Docker image The Docker

CWE-369 https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 https://bugzilla.redhat.com/show_bug.cgi?id=1385502 https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/http://www.openwall.com/lists/oss-security/2016/10/16/14 http://www.openwall.com/lists/oss-security/2016/08/23/6 http://www.debian.org/security/2017/dsa-3785 http://www.securityfocus.com/bid/93593 https://access.redhat.com/errata/RHSA-2017:1208 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/https://access.redhat.com/errata/RHSA-2017:1208 https://usn.ubuntu.com/3295-1/https://nvd.nist.gov

CVE-2016-8691

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect