CVE-2016-9560

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow9 documents7 sources
Severity
7.8HIGH
EPSS
0.4%
top 40.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Jasper Project JasperDebian Debian LinuxRedhat Enterprise Linux Desktop+5 more
Timeline
PublishedFeb 15
Latest updateMay 13

Description

Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDjasper_project/jasper< 1.900.30
Ubuntujasper< 1.900.1-14ubuntu3.4+1

Also affects: Debian Linux 8.0, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: blogs.gentoo.org

🔴Vulnerability Details

3
GHSA
GHSA-wf8h-4pv3-m27q: Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb2022-05-13
OSV
CVE-2016-9560: Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb2017-02-15
CVEList
CVE-2016-9560: Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb2017-02-15

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities2017-05-18
Red Hat
jasper: stack-based buffer overflow in jpc_dec_tileinit()2016-11-20

💬Community

3
Bugzilla
CVE-2016-9560 jasper: stack-based buffer overflow in jpc_dec_tileinit()2016-11-24
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2016-11-21
Bugzilla
CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9396 CVE-2016-9560 jasper: various flaws [fedora-all]2016-11-21
CVE-2016-9560 (HIGH CVSS 7.8) | Stack-based buffer overflow in the | cvebase.io