CVE-2016-8887

Опубликовано: 23 мар. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

Ссылки

http://www.openwall.com/lists/oss-security/2016/10/23/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/23/6
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/93835
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1388828
Issue Tracking
Third Party Advisory
https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://usn.ubuntu.com/3693-1/
http://www.openwall.com/lists/oss-security/2016/10/23/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/23/6
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/93835
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1388828
Issue Tracking
Third Party Advisory
https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://usn.ubuntu.com/3693-1/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Версия до 1.900.9 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00219

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2016-8887

CVSS3: 5.5

ubuntu

почти 9 лет назад

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

CVE-2016-8887

CVSS3: 7

redhat

больше 9 лет назад

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

CVE-2016-8887

CVSS3: 5.5

debian

почти 9 лет назад

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer bef ...

GHSA-gv2q-xcvg-jr5q

CVSS3: 5.5

github

больше 3 лет назад

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

SUSE-SU-2016:2776-1

suse-cvrf

около 9 лет назад

Security update for jasper

EPSS

Процентиль: 44%

0.00219

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476