CVE-2016-9583

Опубликовано: 01 авг. 2018

Источник: nvd

CVSS3: 5.5

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

Ссылки

http://www.securityfocus.com/bid/94925
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1208
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d
Patch
Third Party Advisory
https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/94925
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1208
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d
Patch
Third Party Advisory
https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Версия до 2.0.6 (исключая)

Конфигурация 3

cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00318

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2016-9583

CVSS3: 5.5

ubuntu

больше 7 лет назад

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVE-2016-9583

CVSS3: 5.5

redhat

почти 9 лет назад

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVE-2016-9583

CVSS3: 5.5

debian

больше 7 лет назад

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...

GHSA-3f3w-h3vg-6wx9

CVSS3: 7.8

github

больше 3 лет назад

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

openSUSE-SU-2017:1034-1

suse-cvrf

больше 8 лет назад

Security update for jasper

EPSS

Процентиль: 54%

0.00318

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125