Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2016-8693

Published: 15/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Jasper

Vulnerability Summary

Double free vulnerability in the mem_close function in jas_stream.c in JasPer prior to 1.900.10 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

Vulnerable Product Search on Vulmon Subscribe to Product

jasper project jasper

opensuse opensuse 13.2

fedoraproject fedora 23

Vendor Advisories

Red Hat: Important: jasper security update
Synopsis Important: jasper security update Type/Severity Security Advisory: Important Topic An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scor ...
Debian CVElist Bug Report Logs: jasper: CVE-2016-8693
Debian Bug report logs - #841110 jasper: CVE-2016-8693 Package: src:jasper; Maintainer for src:jasper is Roland Stigge <stigge@antcomde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 Oct 2016 18:03:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version jasper/19001 ...
Ubuntu Security Notice: jasper vulnerabilities
Several security issues were fixed in JasPer ...
Debian Security Advisories: DSA-3785-1 jasper -- security update
Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed For the stable distribution (jessie), these problems have been fixed in version 19001-debian1-24+deb8u2 We recommend that you upgrade you ...
Amazon Linux AMI: ALAS-2017-836
Multiple flaws were found in the way JasPer decoded JPEG 2000 image files Aspecially crafted file could cause an application using JasPer to crash or,possibly, execute arbitrary code ( CVE-2016-8654, CVE-2016-9560, CVE-2016-10249,CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693,CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, ...
Arch Linux Issues:
A double free vulnerability was found in mem_close in jas_streamc triggered by invoking imginfo command on specially crafted image file ...

References

CWE-415https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309https://bugzilla.redhat.com/show_bug.cgi?id=1385507https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/http://www.openwall.com/lists/oss-security/2016/10/16/14http://www.openwall.com/lists/oss-security/2016/08/23/6http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.htmlhttp://www.securityfocus.com/bid/93587http://www.debian.org/security/2017/dsa-3785https://access.redhat.com/errata/RHSA-2017:1208https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/https://access.redhat.com/errata/RHSA-2017:1208https://nvd.nist.govhttps://usn.ubuntu.com/3295-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook