CVE-2016-8884
published 2017-03-28CVE-2016-8884: The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by…
PriorityP420medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
EPSS
2.28%
81.0th percentile
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| jasper_project | jasper | — | — |
| jasper_project | jasper | >= 0 < 1.900.1-14ubuntu3.4 | 1.900.1-14ubuntu3.4 |
| jasper_project | jasper | >= 0 < 1.900.1-debian1-2.4ubuntu1.1 | 1.900.1-debian1-2.4ubuntu1.1 |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
jasper: missing jas_matrix_create() parameter checks
vendor_redhat·2016-10-15·CVSS 5.5
CVE-2016-8884 [MEDIUM] CWE-20 jasper: missing jas_matrix_create() parameter checks
jasper: missing jas_matrix_create() parameter checks
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
Package: netpbm (Red Hat Enterprise Linux 5) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
GHSA
GHSA-jcm6-3979-rvmm: The bmp_getdata function in libjasper/bmp/bmp_dec
ghsa_unreviewed·2022-05-14·CVSS 5.5
CVE-2016-8884 [MEDIUM] CWE-476 GHSA-jcm6-3979-rvmm: The bmp_getdata function in libjasper/bmp/bmp_dec
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
OSV
CVE-2016-8884: The bmp_getdata function in libjasper/bmp/bmp_dec
osv·2017-03-28·CVSS 5.5
CVE-2016-8884 [MEDIUM] CVE-2016-8884: The bmp_getdata function in libjasper/bmp/bmp_dec
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [fedora-all]
bugzilla·2016-10-26·CVSS 7.5
CVE-2016-10250 [HIGH] CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [fedora-all]
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [fedora-all]
bugzilla·2016-10-26·CVSS 7.5
CVE-2016-10250 [HIGH] CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [fedora-all]
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit mess
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [epel-7]
bugzilla·2016-10-26·CVSS 7.5
CVE-2016-10250 [HIGH] CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [epel-7]
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit mes
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [epel-5]
bugzilla·2016-10-26·CVSS 7.5
CVE-2016-10250 [HIGH] CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [epel-5]
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
jasper: missing jas_matrix_create() parameter checks (incomplete fix for CVE-2016-8690)
bugzilla·2016-10-26·CVSS 5.5
CVE-2016-8690 [MEDIUM] jasper: missing jas_matrix_create() parameter checks (incomplete fix for CVE-2016-8690)
jasper: missing jas_matrix_create() parameter checks (incomplete fix for CVE-2016-8690)
Null pointer dereference vulnerability in bmp_getdata in bmp_dec.c was found.
Upstream patch:
https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
CVE assignment:
http://seclists.org/oss-sec/2016/q4/213
Discussion:
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1388874]
Affects: epel-7 [bug 1388876]
---
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1388873]
Affects: epel-5 [bug 1388875]
---
Both CVEs here - CVE-2016-8884 CVE-2016-8885 - were assigned to the same issue for which CVE-2016-8690 was originally assigned and which was not addressed in the original patch. I'm going move these additional CVEs to the b
Bugzilla
CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks
bugzilla·2016-10-17·CVSS 5.5
CVE-2016-8690 [MEDIUM] CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks
CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks
Null pointer dereference vulnerability was found in bmp_getdata triggered by invoking imginfo command on specially crafted BMP image.
Upstream patch:
https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca
CVE assignment:
http://www.openwall.com/lists/oss-security/2016/10/16/14
Discussion:
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1385517]
Affects: epel-7 [bug 1385519]
---
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1385516]
Affects: epel-5 [bug 1385518]
---
Upstream patch does not fix this issue according to the reporter:
http://seclists.org/oss-sec/2016/q4/172
---
Fixed in: https://github.com/m
http://www.openwall.com/lists/oss-security/2016/10/23/1http://www.openwall.com/lists/oss-security/2016/10/23/9http://www.securityfocus.com/bid/93834https://access.redhat.com/errata/RHSA-2017:1208https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/https://bugzilla.redhat.com/show_bug.cgi?id=1385499https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/http://www.openwall.com/lists/oss-security/2016/10/23/1http://www.openwall.com/lists/oss-security/2016/10/23/9http://www.securityfocus.com/bid/93834https://access.redhat.com/errata/RHSA-2017:1208https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/https://bugzilla.redhat.com/show_bug.cgi?id=1385499https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
2017-03-28
Published