CVE-2016-1867

CWE-119Buffer OverflowCWE-125Out-of-bounds Read11 documents7 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 32.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedJan 20
Latest updateMay 14

Description

The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Ubuntujasper< 1.900.1-14ubuntu3.4+1

🔴Vulnerability Details

3
GHSA
GHSA-p682-vjjx-r68w: The jpc_pi_nextcprl function in JasPer 12022-05-14
CVEList
CVE-2016-1867: The jpc_pi_nextcprl function in JasPer 12016-01-20
OSV
CVE-2016-1867: The jpc_pi_nextcprl function in JasPer 12016-01-20

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities2017-05-18
Red Hat
jasper: out-of-bounds read in jpc_pi_nextcprl()2016-01-13

💬Community

5
Bugzilla
CVE-2016-1867 jasper: out-of-bounds read in jpc_pi_nextcprl()2016-01-13
Bugzilla
CVE-2016-1867 jasper: out-of-bounds read in the jpc_pi_nextcprl() function [epel-5]2016-01-13
Bugzilla
CVE-2016-1867 mingw-jasper: jasper: out-of-bounds read in the jpc_pi_nextcprl() function [epel-7]2016-01-13
Bugzilla
CVE-2016-1867 jasper: out-of-bounds read in the jpc_pi_nextcprl() function [fedora-all]2016-01-13
Bugzilla
CVE-2016-1867 mingw-jasper: jasper: out-of-bounds read in the jpc_pi_nextcprl() function [fedora-all]2016-01-13
CVE-2016-1867 (MEDIUM CVSS 6.5) | The jpc_pi_nextcprl function in Jas | cvebase.io