Severity: 7.8 HIGH
EPSS: 0.5% (top 32.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 15
Latest update: May 14

Description

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Ubuntu: jasper < 1.900.1-14ubuntu3.4+1
NVD: jasper_project/jasper 1.900.11

🔴 Vulnerability Details (3)

GHSA: GHSA-w7m7-2vcc-wx3m: Integer overflow in the jpc_dec_tiledecode function in jpc_dec (2022-05-14)
CVEList: CVE-2016-10249: Integer overflow in the jpc_dec_tiledecode function in jpc_dec (2017-03-15)
OSV: CVE-2016-10249: Integer overflow in the jpc_dec_tiledecode function in jpc_dec (2017-03-15)

📋 Vendor Advisories (2)

Ubuntu: JasPer vulnerabilities (2017-05-18)
Red Hat: jasper: integer overflow in jas_matrix_create() (2016-10-23)

💬 Community (2)

Bugzilla: CVE-2016-10249 CVE-2016-10248 CVE-2017-6850 CVE-2017-6852 CVE-2016-10251 jasper: various flaws [epel-5] (2017-03-21)
Bugzilla: CVE-2016-10249 jasper: integer overflow in jas_matrix_create() (2016-10-26)