CVE-2016-9557

CWE-190Integer Overflow7 documents6 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 70.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jasper Project Jasper
Timeline
PublishedMar 23
Latest updateMay 17

Description

Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDjasper_project/jasper1.900.24

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-q4c4-wm35-x9g8: Integer overflow in jas_image2022-05-17
CVEList
CVE-2016-9557: Integer overflow in jas_image2017-03-23
OSV
CVE-2016-9557: Integer overflow in jas_image2017-03-23

📋Vendor Advisories

1
Red Hat
jasper: signed integer overflow in jas_image_create()2016-11-12

💬Community

2
Bugzilla
CVE-2016-9557 jasper: signed integer overflow in jas_image_create()2016-11-24
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2016-11-21
CVE-2016-9557 (MEDIUM CVSS 5.5) | Integer overflow in jas_image.c in | cvebase.io