CVE-2016-8886

Опубликовано: 23 мар. 2017

Источник: debian

EPSS Низкий

Описание

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

Пакеты

Пакет	Статус	Релиз	Тип
jasper	removed		package
jasper	no-dsa	jessie	package
jasper	no-dsa	wheezy	package

Примечания

https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
The memory exhaustion has no real impact unless when jasper is compiled with ASAN.
Without ASAN the failure is handled gracefully. In addition the fix is marked as experimental
and not suitable for a backport.

EPSS

Процентиль: 54%

0.00317

Низкий

Связанные уязвимости

CVE-2016-8886

CVSS3: 7.8

ubuntu

почти 9 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

CVE-2016-8886

CVSS3: 3.3

redhat

больше 9 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

CVE-2016-8886

CVSS3: 7.8

nvd

почти 9 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

GHSA-9xmw-vfxq-m8h5

CVSS3: 7.8

github

больше 3 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

SUSE-SU-2016:2776-1

suse-cvrf

около 9 лет назад

Security update for jasper

EPSS

Процентиль: 54%

0.00317

Низкий