cbcvebase.
CVE-2016-8691
published 2017-02-15

CVE-2016-8691: The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error…

PriorityP416medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
EPSS
2.17%
80.0th percentile
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

Affected

5 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
fedoraprojectfedora
jasper_projectjasper<= 1.900.3
jasper_projectjasper>= 0 < 1.900.1-14ubuntu3.41.900.1-14ubuntu3.4
jasper_projectjasper>= 0 < 1.900.1-debian1-2.4ubuntu1.11.900.1-debian1-2.4ubuntu1.1

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.