CVE-2016-9387
Severity
7.8HIGH
EPSS
0.3%
top 44.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 23
Latest updateMay 14
Description
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-w66x-crr7-57qh: Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec↗2022-05-14
OSV▶
CVE-2016-9387: Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec↗2017-03-23
CVEList▶
CVE-2016-9387: Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec↗2017-03-23
📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 mingw-jasper: vari↗2016-11-21
Bugzilla▶
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 jasper: various fl↗2016-11-21
Bugzilla▶
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-↗2016-11-21
Bugzilla▶
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9396 CVE-2016-9560 jasper: various flaws [fedora-all]↗2016-11-21