CVE-2016-9262

CWE-190Integer OverflowCWE-68110 documents6 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 37.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 23
Latest updateMay 14

Description

Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDjasper_project/jasper1.900.21

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-mqqx-q5h3-9hjf: Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc2022-05-14
CVEList
CVE-2016-9262: Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc2017-03-23

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities2018-06-27
Red Hat
jasper: integer truncation in jas_image_cmpt_create()2016-11-06

💬Community

5
Bugzilla
CVE-2016-9262 mingw-jasper: jasper: Multiple overflow vulnerabilities leading to use after free [epel-7]2016-11-10
Bugzilla
CVE-2016-9262 jasper: Multiple overflow vulnerabilities leading to use after free [epel-5]2016-11-10
Bugzilla
CVE-2016-9262 jasper: integer truncation in jas_image_cmpt_create()2016-11-10
Bugzilla
CVE-2016-9262 mingw-jasper: jasper: Multiple overflow vulnerabilities leading to use after free [fedora-all]2016-11-10
Bugzilla
CVE-2016-9262 jasper: Multiple overflow vulnerabilities leading to use after free [fedora-all]2016-11-10
CVE-2016-9262 (MEDIUM CVSS 5.5) | Multiple integer overflows in the ( | cvebase.io