CVE-2016-8886

Опубликовано: 23 мар. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

Ссылки

http://www.openwall.com/lists/oss-security/2016/10/23/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/25/11
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/93839
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1388880
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
http://www.openwall.com/lists/oss-security/2016/10/23/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/25/11
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/93839
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1388880
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Версия до 1.900.10 (включая)

EPSS

Процентиль: 54%

0.00317

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2016-8886

CVSS3: 7.8

ubuntu

почти 9 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

CVE-2016-8886

CVSS3: 3.3

redhat

больше 9 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

CVE-2016-8886

CVSS3: 7.8

debian

почти 9 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer befor ...

GHSA-9xmw-vfxq-m8h5

CVSS3: 7.8

github

больше 3 лет назад

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

SUSE-SU-2016:2776-1

suse-cvrf

около 9 лет назад

Security update for jasper

EPSS

Процентиль: 54%

0.00317

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119