CVE-2016-10248

CWE-476NULL Pointer Dereference9 documents7 sources
Severity
7.5HIGH
EPSS
0.7%
top 28.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 15
Latest updateMay 14

Description

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Ubuntujasper< 1.900.1-14ubuntu3.5+1

Patches

Patch: blogs.gentoo.orgPatch: github.comPatch: blogs.gentoo.org

🔴Vulnerability Details

3
GHSA
GHSA-fwrx-6246-jgv9: The jpc_tsfb_synthesize function in jpc_tsfb2022-05-14
CVEList
CVE-2016-10248: The jpc_tsfb_synthesize function in jpc_tsfb2017-03-15
OSV
CVE-2016-10248: The jpc_tsfb_synthesize function in jpc_tsfb2017-03-15

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities2018-06-27
Red Hat
jasper: NULL pointer dereference in jpc_tsfb_synthesize()2016-10-20

💬Community

3
Bugzilla
CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-03-21
Bugzilla
CVE-2016-10248 jasper: NULL pointer dereference in jpc_tsfb_synthesize()2017-03-21
Bugzilla
CVE-2016-10249 CVE-2016-10248 CVE-2017-6850 CVE-2017-6852 CVE-2016-10251 jasper: various flaws [epel-5]2017-03-21
CVE-2016-10248 (HIGH CVSS 7.5) | The jpc_tsfb_synthesize function in | cvebase.io