CVE-2016-8887

CWE-476NULL Pointer DereferenceCWE-45613 documents7 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 55.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jasper Project JasperFedoraproject Fedora
Timeline
PublishedMar 23
Latest updateMay 14

Description

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntujasper< 1.900.1-14ubuntu3.5+1

Also affects: Fedora 23, 24

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-gv2q-xcvg-jr5q: The jp2_colr_destroy function in libjasper/jp2/jp2_cod2022-05-14
OSV
CVE-2016-8887: The jp2_colr_destroy function in libjasper/jp2/jp2_cod2017-03-23
CVEList
CVE-2016-8887: The jp2_colr_destroy function in libjasper/jp2/jp2_cod2017-03-23

📋Vendor Advisories

3
Ubuntu
JasPer vulnerabilities2018-06-27
Red Hat
jasper: uninitialized pointer use in jp2_box_get()2016-10-18
Red Hat
jasper: Null pointer dereference in jp2_colr_destroy (incomplete fix for CVE-2016-8887)2016-10-18

💬Community

6
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [fedora-all]2016-10-26
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [fedora-all]2016-10-26
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 mingw-jasper: various flaws [epel-7]2016-10-26
Bugzilla
CVE-2016-10250 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8886 CVE-2016-8887 jasper: various flaws [epel-5]2016-10-26
Bugzilla
CVE-2016-8887 jasper: uninitialized pointer use in jp2_box_get()2016-10-26
CVE-2016-8887 (MEDIUM CVSS 5.5) | The jp2_colr_destroy function in li | cvebase.io