Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1577

Опубликовано: 03 мар. 2016
Источник: redhat
CVSS3: 7
CVSS2: 5.1
EPSS Низкий

Описание

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5netpbmNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerWill not fix
Red Hat Enterprise Linux 6jasperFixedRHSA-2017:120809.05.2017
Red Hat Enterprise Linux 7jasperFixedRHSA-2017:120809.05.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1314466jasper: double free issue in jas_iccattrval_destroy()

EPSS

Процентиль: 92%
0.07729
Низкий

7 High

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-1577

CVSS3: 7.6
ubuntu
больше 9 лет назад

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

nvd логотип

CVE-2016-1577

CVSS3: 7.6
nvd
больше 9 лет назад

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

debian логотип

CVE-2016-1577

CVSS3: 7.6
debian
больше 9 лет назад

Double free vulnerability in the jas_iccattrval_destroy function in Ja ...

github логотип

GHSA-w9x9-p92f-4hrr

CVSS3: 7.6
github
больше 3 лет назад

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

suse-cvrf логотип

SUSE-SU-2016:2776-1

suse-cvrf
около 9 лет назад

Security update for jasper

EPSS

Процентиль: 92%
0.07729
Низкий

7 High

CVSS3

5.1 Medium

CVSS2