CVE-2016-8692

CWE-369CWE-20Improper Input Validation12 documents7 sources
Severity
5.5MEDIUM
EPSS
0.5%
top 35.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Jasper Project JasperDebian Debian LinuxFedoraproject Fedora
Timeline
PublishedFeb 15
Latest updateMay 14

Description

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntujasper< 1.900.1-14ubuntu3.4+1

Also affects: Debian Linux 8.0, Fedora 25

Patches

Patch: blogs.gentoo.orgPatch: bugzilla.redhat.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-68w6-6x26-g44x: The jpc_dec_process_siz function in libjasper/jpc/jpc_dec2022-05-14
CVEList
CVE-2016-8692: The jpc_dec_process_siz function in libjasper/jpc/jpc_dec2017-02-15
OSV
CVE-2016-8692: The jpc_dec_process_siz function in libjasper/jpc/jpc_dec2017-02-15

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities2017-05-18
Red Hat
jasper: missing SIZ marker segment XRsiz and YRsiz fields range check2016-10-15

💬Community

6
Bugzilla
CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 jasper: various flaws [fedora-all]2016-10-17
Bugzilla
CVE-2016-8691 CVE-2016-8692 jasper: missing SIZ marker segment XRsiz and YRsiz fields range check2016-10-17
Bugzilla
CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 jasper: various flaws [epel-5]2016-10-17
Bugzilla
CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 mingw-jasper: various flaws [epel-7]2016-10-17
Bugzilla
CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 mingw-jasper: various flaws [fedora-all]2016-10-17
CVE-2016-8692 (MEDIUM CVSS 5.5) | The jpc_dec_process_siz function in | cvebase.io