Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2016-8692

Published: 15/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Jasper Project

Vulnerability Summary

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer prior to 1.900.4 allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

Vulnerable Product Search on Vulmon Subscribe to Product

jasper project jasper

fedoraproject fedora 25

debian debian linux 8.0

Vendor Advisories

Red Hat: Important: jasper security update
Synopsis Important: jasper security update Type/Severity Security Advisory: Important Topic An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scor ...
Debian CVElist Bug Report Logs: jasper: CVE-2016-8691 CVE-2016-8692
Debian Bug report logs - #841111 jasper: CVE-2016-8691 CVE-2016-8692 Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcomde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 Oct 2016 18:09:01 UTC Severity: grave Tags: patch, security, upstream Found in version jasper/1 ...
Ubuntu Security Notice: jasper vulnerabilities
Several security issues were fixed in JasPer ...
Debian Security Advisories: DSA-3785-1 jasper -- security update
Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed For the stable distribution (jessie), these problems have been fixed in version 19001-debian1-24+deb8u2 We recommend that you upgrade you ...
Amazon Linux AMI: ALAS-2017-836
Multiple flaws were found in the way JasPer decoded JPEG 2000 image files Aspecially crafted file could cause an application using JasPer to crash or,possibly, execute arbitrary code ( CVE-2016-8654, CVE-2016-9560, CVE-2016-10249,CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693,CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, ...
Arch Linux Issues:
A division by zero vulnerability was found in jpc_dec_process_siz triggered by invoking imginfo command on specially crafted file ...

References

CWE-369https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020https://bugzilla.redhat.com/show_bug.cgi?id=1385502https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/http://www.openwall.com/lists/oss-security/2016/10/16/14http://www.openwall.com/lists/oss-security/2016/08/23/6http://www.debian.org/security/2017/dsa-3785http://www.securityfocus.com/bid/93588https://access.redhat.com/errata/RHSA-2017:1208https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/https://access.redhat.com/errata/RHSA-2017:1208https://nvd.nist.govhttps://usn.ubuntu.com/3295-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook