ID CVE-2016-9393
Summary The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. <a href="http://cwe.mitre.org/data/definitions/617.html">CWE-617: Reachable Assertion</a>
References
Vulnerable Configurations
  • cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*
    cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-06-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2017:1208
rpms
  • jasper-0:1.900.1-21.el6_9
  • jasper-0:1.900.1-30.el7_3
  • jasper-debuginfo-0:1.900.1-21.el6_9
  • jasper-debuginfo-0:1.900.1-30.el7_3
  • jasper-devel-0:1.900.1-21.el6_9
  • jasper-devel-0:1.900.1-30.el7_3
  • jasper-libs-0:1.900.1-21.el6_9
  • jasper-libs-0:1.900.1-30.el7_3
  • jasper-utils-0:1.900.1-21.el6_9
  • jasper-utils-0:1.900.1-30.el7_3
refmap via4
bid 94377
confirm
misc https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
mlist [oss-security] 20161117 Re: jasper: multiple assertion failures
ubuntu USN-3693-1
Last major update 29-06-2018 - 01:29
Published 23-03-2017 - 18:59
Last modified 29-06-2018 - 01:29
Back to Top