Vulnerability CVE-2016-9398


Published: 2017-03-23

Description:
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Type:

CWE-Other

Vendor: Opensuse
Product: LEAP 
Version: 42.2;
Vendor: Opensuse project
Product: LEAP 
Version: 42.2; 42.1;
Vendor: SUSE
Product: Linux enterprise server for raspberry pi 
Version: 12;
Product: Linux enterprise desktop 
Version: 12;
Product: Linux enterprise software development kit 
Version: 12;
Product: Linux enterprise server 
Version: 12;
Vendor: Jasper project
Product: Jasper 
Version: 1.900.16;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html
http://www.openwall.com/lists/oss-security/2016/11/17/1
http://www.securityfocus.com/bid/94382
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
https://bugzilla.redhat.com/show_bug.cgi?id=1396980

Related CVE
CVE-2017-14232
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.
CVE-2018-20622
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
CVE-2018-20584
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
CVE-2018-20570
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
CVE-2018-19543
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
CVE-2018-19542
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
CVE-2018-19541
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
CVE-2018-19540
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

Copyright 2019, cxsecurity.com

 

Back to Top