CVE-2016-8690
jasper: missing jas_matrix_create() parameter checks
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
La función bmp_getdata en libjasper/bmp/bmp_dec.c en JasPer en versiones anteriores a 1.900.5 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de una imagen BMP manipulada en un comando imginfo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-10-15 CVE Reserved
- 2017-02-15 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-476: NULL Pointer Dereference
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/08/23/6 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/10/16/14 | Mailing List | |
http://www.securityfocus.com/bid/93590 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1385499 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jasper Project Search vendor "Jasper Project" | Jasper Search vendor "Jasper Project" for product "Jasper" | <= 1.900.29 Search vendor "Jasper Project" for product "Jasper" and version " <= 1.900.29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 23 Search vendor "Fedoraproject" for product "Fedora" and version "23" | - |
Affected
|