CVE-2016-9391

Опубликовано: 23 мар. 2017

Источник: debian

Описание

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jasper	removed			package

Примечания

Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
Negligible security impact

Связанные уязвимости

CVE-2016-9391

CVSS3: 7.5

ubuntu

больше 8 лет назад

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

CVE-2016-9391

CVSS3: 5.5

redhat

около 9 лет назад

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

CVE-2016-9391

CVSS3: 7.5

nvd

больше 8 лет назад

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

GHSA-qvf8-3qmw-6gvc

CVSS3: 7.5

github

больше 3 лет назад

The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

openSUSE-SU-2017:1960-1

suse-cvrf

больше 8 лет назад

Security update for jasper