CVE-2016-8886

CWE-119 — Buffer Overflow CWE-770 — Allocation without Limits10 documents6 sources

Severity

7.8HIGH

EPSS

0.3%

top 45.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jasper Project Jasper

Timeline

PublishedMar 23

Latest updateMay 17

Description

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDjasper_project/jasper1.900.10

🔴Vulnerability Details

GHSA

GHSA-9xmw-vfxq-m8h5: The jas_malloc function in libjasper/base/jas_malloc↗2022-05-17

▶

OSV

CVE-2016-8886: The jas_malloc function in libjasper/base/jas_malloc↗2017-03-23

▶

CVEList

CVE-2016-8886: The jas_malloc function in libjasper/base/jas_malloc↗2017-03-23

▶

📋Vendor Advisories

Red Hat

jasper: no upper limit on memory allocations in jas_malloc()↗2016-10-18

▶

💬Community

Bugzilla

CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [fedora-all]↗2016-10-26

▶

Bugzilla

CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [fedora-all]↗2016-10-26

▶

Bugzilla

CVE-2016-8886 jasper: no upper limit on memory allocations in jas_malloc()↗2016-10-26

▶

Bugzilla

CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [epel-7]↗2016-10-26

▶

Bugzilla

CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [epel-5]↗2016-10-26

▶