CVE-2016-10251
Severity
7.8HIGH
EPSS
0.4%
top 40.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 15
Latest updateMay 14
Description
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-↗2017-03-21
Bugzilla▶
CVE-2016-10251 jasper: integer overflow in jpc_pi_nextcprl(), leading to out-of-bounds read↗2017-03-21
Bugzilla▶
CVE-2016-10249 CVE-2016-10248 CVE-2017-6850 CVE-2017-6852 CVE-2016-10251 jasper: various flaws [epel-5]↗2017-03-21
Bugzilla▶
CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 CVE-2↗2017-03-21