CVE-2016-10250
Severity
7.5HIGH
EPSS
0.7%
top 28.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 15
Latest updateMay 14
Description
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [fedora-all]↗2016-10-26
Bugzilla▶
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [fedora-all]↗2016-10-26
Bugzilla▶
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [epel-7]↗2016-10-26
Bugzilla▶
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [epel-5]↗2016-10-26
Bugzilla▶
CVE-2016-10250 jasper: Null pointer dereference in jp2_colr_destroy (incomplete fix for CVE-2016-8887)↗2016-10-26