CVE-2016-9591

Опубликовано: 16 дек. 2016

Источник: redhat

CVSS3: 7

CVSS2: 5.1

EPSS Низкий

Описание

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	netpbm	Will not fix
Red Hat Enterprise Virtualization 3	mingw-virt-viewer	Will not fix
Red Hat Enterprise Linux 6	jasper	Fixed	RHSA-2017:1208	09.05.2017
Red Hat Enterprise Linux 7	jasper	Fixed	RHSA-2017:1208	09.05.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1406405jasper: use-after-free / double-free in JPC encoder

EPSS

Процентиль: 64%

0.00479

Низкий

7 High

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2016-9591

CVSS3: 5.5

ubuntu

больше 7 лет назад

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

CVE-2016-9591

CVSS3: 5.5

nvd

больше 7 лет назад

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

CVE-2016-9591

CVSS3: 5.5

debian

больше 7 лет назад

JasPer before version 2.0.12 is vulnerable to a use-after-free in the ...

GHSA-j57x-xc7m-f43w

CVSS3: 5.5

github

больше 3 лет назад

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

openSUSE-SU-2017:0101-1

suse-cvrf

почти 9 лет назад

Security update for jasper

EPSS

Процентиль: 64%

0.00479

Низкий

7 High

CVSS3

5.1 Medium

CVSS2