ID CVE-2016-9396
Summary The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
References
Vulnerable Configurations
  • Jasper Project Jasper 1.900.11
    cpe:2.3:a:jasper_project:jasper:1.900.11
CVSS
Base: 5.0 (as of 24-03-2017 - 11:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3253.NASL
    description From Red Hat Security Advisory 2018:3253 : An update for jasper is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : * jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) * jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118782
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118782
    title Oracle Linux 7 : jasper (ELSA-2018-3253)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_JASPER_ON_SL7_X.NASL
    description Security Fix(es) : - jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) - jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119185
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119185
    title Scientific Linux Security Update : jasper on SL7.x x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1389.NASL
    description According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) - jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119517
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119517
    title EulerOS 2.0 SP3 : jasper (EulerOS-SA-2018-1389)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-EC39FE2C9C.NASL
    description CVE-2016-9396 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120882
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120882
    title Fedora 28 : jasper (2018-ec39fe2c9c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-E6DF7FCF75.NASL
    description CVE-2016-9396 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-06-04
    plugin id 110303
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110303
    title Fedora 27 : jasper (2018-e6df7fcf75)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3693-1.NASL
    description It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110765
    published 2018-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110765
    title Ubuntu 14.04 LTS / 16.04 LTS : jasper vulnerabilities (USN-3693-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3253.NASL
    description An update for jasper is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : * jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) * jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118539
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118539
    title RHEL 7 : jasper (RHSA-2018:3253)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2019-1150.NASL
    description The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.(CVE-2016-9396) JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.(CVE-2017-1000050)
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121363
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121363
    title Amazon Linux 2 : jasper (ALAS-2019-1150)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1417.NASL
    description According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) - jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 119906
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119906
    title EulerOS 2.0 SP2 : jasper (EulerOS-SA-2018-1417)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3253.NASL
    description An update for jasper is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix(es) : * jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396) * jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 119002
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119002
    title CentOS 7 : jasper (CESA-2018:3253)
redhat via4
advisories
  • rhsa
    id RHSA-2018:3253
  • rhsa
    id RHSA-2018:3505
rpms
  • jasper-0:1.900.1-33.el7
  • jasper-devel-0:1.900.1-33.el7
  • jasper-libs-0:1.900.1-33.el7
  • jasper-utils-0:1.900.1-33.el7
refmap via4
bid 94379
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1396978
misc
mlist [oss-security] 20161117 Re: jasper: multiple assertion failures
suse openSUSE-SU-2019:1315
ubuntu USN-3693-1
Last major update 27-03-2017 - 13:16
Published 23-03-2017 - 14:59
Last modified 02-05-2019 - 20:29
Back to Top