CVE-2016-10248

Опубликовано: 15 мар. 2017

Источник: debian

Описание

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jasper	removed			package

Примечания

https://www.openwall.com/lists/oss-security/2016/10/20/5
Not suitable for code injection, hardly denial of service
https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd

Связанные уязвимости

CVE-2016-10248

CVSS3: 7.5

ubuntu

больше 8 лет назад

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

CVE-2016-10248

CVSS3: 5.5

redhat

около 9 лет назад

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

CVE-2016-10248

CVSS3: 7.5

nvd

больше 8 лет назад

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

GHSA-fwrx-6246-jgv9

CVSS3: 7.5

github

больше 3 лет назад

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

ELSA-2017-1208

oracle-oval

больше 8 лет назад

ELSA-2017-1208: jasper security update (IMPORTANT)