CVE-2016-9557

Опубликовано: 23 мар. 2017

Источник: debian

Описание

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Пакеты

Пакет	Статус	Релиз	Тип
jasper	removed		package
jasper	no-dsa	jessie	package
jasper	no-dsa	wheezy	package

Примечания

https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a

Связанные уязвимости

CVE-2016-9557

CVSS3: 5.5

ubuntu

почти 9 лет назад

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVE-2016-9557

CVSS3: 3.3

redhat

около 9 лет назад

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVE-2016-9557

CVSS3: 5.5

nvd

почти 9 лет назад

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

GHSA-q4c4-wm35-x9g8

CVSS3: 5.5

github

больше 3 лет назад

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

SUSE-SU-2020:2690-1

suse-cvrf

больше 5 лет назад

Security update for jasper