CVE-2016-8885

CWE-476NULL Pointer DereferenceCWE-20Improper Input Validation7 documents6 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 42.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 23
Latest updateMay 14

Description

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntujasper< 1.900.1-14ubuntu3.4+1

🔴Vulnerability Details

3
GHSA
GHSA-9rjc-f277-9qf9: The bmp_getdata function in libjasper/bmp/bmp_dec2022-05-14
OSV
CVE-2016-8885: The bmp_getdata function in libjasper/bmp/bmp_dec2017-03-23
CVEList
CVE-2016-8885: The bmp_getdata function in libjasper/bmp/bmp_dec2017-03-23

📋Vendor Advisories

1
Red Hat
jasper: missing jas_matrix_create() parameter checks2016-10-15

💬Community

2
Bugzilla
jasper: missing jas_matrix_create() parameter checks (incomplete fix for CVE-2016-8690)2016-10-26
Bugzilla
CVE-2016-8690 CVE-2016-8884 CVE-2016-8885 jasper: missing jas_matrix_create() parameter checks2016-10-17
CVE-2016-8885 (MEDIUM CVSS 5.5) | The bmp_getdata function in libjasp | cvebase.io