CVE-2016-9390

CWE-20Improper Input ValidationCWE-617Reachable Assertion12 documents7 sources
Severity
5.5MEDIUM
EPSS
0.5%
top 35.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 23
Latest updateMay 14

Description

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntujasper< 1.900.1-14ubuntu3.5+1
NVDjasper_project/jasper1.900.13

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-cr6p-r85c-36p2: The jas_seq2d_create function in jas_seq2022-05-14
OSV
CVE-2016-9390: The jas_seq2d_create function in jas_seq2017-03-23
CVEList
CVE-2016-9390: The jas_seq2d_create function in jas_seq2017-03-23

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities2018-06-27
Red Hat
jasper: insufficient SIZ marker tilexoff and tileyoff checks2016-10-24

💬Community

5
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 mingw-jasper: vari2016-11-21
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 jasper: various fl2016-11-21
Bugzilla
CVE-2016-9390 jasper: insufficient SIZ marker tilexoff and tileyoff checks2016-11-21
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2016-11-21
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9396 CVE-2016-9560 jasper: various flaws [fedora-all]2016-11-21