CVE-2016-10251

Опубликовано: 15 мар. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

Ссылки

http://www.debian.org/security/2017/dsa-3827
http://www.securityfocus.com/bid/97584
https://access.redhat.com/errata/RHSA-2017:1208
https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/
Exploit
Issue Tracking
Patch
Third Party Advisory
VDB Entry
https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.debian.org/security/2017/dsa-3827
http://www.securityfocus.com/bid/97584
https://access.redhat.com/errata/RHSA-2017:1208
https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/
Exploit
Issue Tracking
Patch
Third Party Advisory
VDB Entry
https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Версия до 1.900.19 (включая)

EPSS

Процентиль: 74%

0.00815

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2016-10251

CVSS3: 7.8

ubuntu

больше 8 лет назад

CVE-2016-10251

CVSS3: 5.5

redhat

около 9 лет назад

CVE-2016-10251

CVSS3: 7.8

debian

больше 8 лет назад

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...

GHSA-4c9x-hwrm-39j5

CVSS3: 7.8

github

больше 3 лет назад

openSUSE-SU-2017:1034-1

suse-cvrf

больше 8 лет назад

Security update for jasper

EPSS

Процентиль: 74%

0.00815

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-190