CVE-2016-8693

CWE-415 CWE-416 — Use After Free11 documents7 sources

Severity

7.8HIGH

EPSS

0.6%

top 30.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jasper Project Jasper Fedoraproject Fedora Opensuse Opensuse

Timeline

PublishedFeb 15

Latest updateMay 14

Description

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Ubuntujasper< 1.900.1-14ubuntu3.4+1

▶NVDjasper_project/jasper1.900.5

▶NVDopensuse/opensuse13.2

Also affects: Fedora 23

Patches

Patch: blogs.gentoo.org ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-68fr-g7g6-87xw: Double free vulnerability in the mem_close function in jas_stream↗2022-05-14

▶

CVEList

CVE-2016-8693: Double free vulnerability in the mem_close function in jas_stream↗2017-02-15

▶

OSV

CVE-2016-8693: Double free vulnerability in the mem_close function in jas_stream↗2017-02-15

▶

📋Vendor Advisories

Ubuntu

JasPer vulnerabilities↗2017-05-18

▶

Red Hat

jasper: incorrect handling of bufsize 0 in mem_resize()↗2016-10-15

▶

💬Community

Bugzilla

CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 jasper: various flaws [fedora-all]↗2016-10-17

▶

Bugzilla

CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 jasper: various flaws [epel-5]↗2016-10-17

▶

Bugzilla

CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 mingw-jasper: various flaws [epel-7]↗2016-10-17

▶

Bugzilla

CVE-2016-8693 jasper: incorrect handling of bufsize 0 in mem_resize()↗2016-10-17

▶

Bugzilla

CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 mingw-jasper: various flaws [fedora-all]↗2016-10-17

▶