ID CVE-2016-9393
Summary The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
References
Vulnerable Configurations
  • JasPer Project JasPer 1.900.17
    cpe:2.3:a:jasper_project:jasper:1.900.17
CVSS
Base: 4.3 (as of 24-03-2017 - 11:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1916-1.NASL
    description This update for jasper fixes the following issues: Security issues fixed : - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update : - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101891
    published 2017-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101891
    title SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2017:1916-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0102.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Bump release - Multiple security fixes (fixed by thoger): CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 (CVE-2016-2089) CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 (CVE-2016-8692) CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 (CVE-2016-9262) CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 (CVE-2016-9391) CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 (CVE-2016-9583) CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 (CVE-2016-10251) - Fix implicit declaration warning caused by security fixes above - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot (#1183672) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680) - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567) - CVE-2014-8138 - heap overflow in jp2_decode (#1173567) - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171209)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 100116
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100116
    title OracleVM 3.3 / 3.4 : jasper (OVMSA-2017-0102)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1208.NASL
    description From Red Hat Security Advisory 2017:1208 : An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 100089
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100089
    title Oracle Linux 6 / 7 : jasper (ELSA-2017-1208)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170509_JASPER_ON_SL6_X.NASL
    description Security Fix(es) : Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 100120
    published 2017-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100120
    title Scientific Linux Security Update : jasper on SL6.x, SL7.x i386/x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1095.NASL
    description According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) - Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 100812
    published 2017-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100812
    title EulerOS 2.0 SP2 : jasper (EulerOS-SA-2017-1095)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-CFC20D5D45.NASL
    description Security fix for CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560, CVE-2016-9591, CVE-2016-9600, CVE-2016-10251 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-05-17
    plugin id 100231
    published 2017-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100231
    title Fedora 25 : jasper (2017-cfc20d5d45)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3693-1.NASL
    description It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110765
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110765
    title Ubuntu 14.04 LTS / 16.04 LTS : jasper vulnerabilities (USN-3693-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-DA0B00FD64.NASL
    description Security fix for CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560, CVE-2016-9591, CVE-2016-9600, CVE-2016-10251 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-05-19
    plugin id 100281
    published 2017-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100281
    title Fedora 24 : jasper (2017-da0b00fd64)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1208.NASL
    description An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100093
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100093
    title RHEL 6 / 7 : jasper (RHSA-2017:1208)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1208.NASL
    description An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 101464
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101464
    title Virtuozzo 6 : jasper / jasper-devel / jasper-libs / jasper-utils (VZLSA-2017-1208)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-836.NASL
    description Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. ( CVE-2016-8654 , CVE-2016-9560 , CVE-2016-10249 , CVE-2015-5203 , CVE-2015-5221 , CVE-2016-1577 , CVE-2016-8690 , CVE-2016-8693 , CVE-2016-8884 , CVE-2016-8885 , CVE-2016-9262 , CVE-2016-9591 ) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867 , CVE-2016-2089 , CVE-2016-2116 , CVE-2016-8691 , CVE-2016-8692 , CVE-2016-8883 , CVE-2016-9387 , CVE-2016-9388 , CVE-2016-9389 , CVE-2016-9390 , CVE-2016-9391 , CVE-2016-9392 , CVE-2016-9393 , CVE-2016-9394 , CVE-2016-9583 , CVE-2016-9600 , CVE-2016-10248 , CVE-2016-10251)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 100637
    published 2017-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100637
    title Amazon Linux AMI : jasper (ALAS-2017-836)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1094.NASL
    description According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) - Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-29
    plugin id 100811
    published 2017-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100811
    title EulerOS 2.0 SP1 : jasper (EulerOS-SA-2017-1094)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-844.NASL
    description This update for jasper fixes the following issues : Security issues fixed : - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update : - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101972
    published 2017-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101972
    title openSUSE Security Update : jasper (openSUSE-2017-844)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0339-1.NASL
    description This update for jasper fixes the following issues: Security issues fixed : - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update : - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106580
    published 2018-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106580
    title SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2018:0339-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1901-1.NASL
    description This update for jasper fixes the following issues: Security issues fixed : - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update : - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101832
    published 2017-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101832
    title SUSE SLES11 Security Update : jasper (SUSE-SU-2017:1901-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1208.NASL
    description An update for jasper is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591) Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100174
    published 2017-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100174
    title CentOS 6 / 7 : jasper (CESA-2017:1208)
redhat via4
advisories
rhsa
id RHSA-2017:1208
rpms
  • jasper-0:1.900.1-30.el7_3
  • jasper-devel-0:1.900.1-30.el7_3
  • jasper-libs-0:1.900.1-30.el7_3
  • jasper-utils-0:1.900.1-30.el7_3
  • jasper-0:1.900.1-21.el6_9
  • jasper-devel-0:1.900.1-21.el6_9
  • jasper-libs-0:1.900.1-21.el6_9
  • jasper-utils-0:1.900.1-21.el6_9
refmap via4
bid 94377
confirm
misc https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
mlist [oss-security] 20161117 Re: jasper: multiple assertion failures
ubuntu USN-3693-1
Last major update 27-03-2017 - 13:11
Published 23-03-2017 - 14:59
Last modified 28-06-2018 - 21:29
Back to Top