CVE-2016-9600

Severity: 6.5 MEDIUM
EPSS: 0.3% (top 47.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 12
Latest update: May 13

Description

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 6 packages

NVD: jasper_project/jasper < 2.0.10
Ubuntu: jasper < 1.900.1-14ubuntu3.5+1
CVEListV5: jasper/jasper 2.0.10

Also affects: Ubuntu Linux 14.04, 16.04, Enterprise Linux 7.4, 7.6, 7.3, 7.5

Patches

🔴Vulnerability Details

3
GHSA
GHSA-r486-9x35-xf6g: JasPer before version 2 (2022-05-13)
OSV
CVE-2016-9600: JasPer before version 2 (2018-03-12)
CVEList
CVE-2016-9600: JasPer before version 2 (2018-03-12)

💥Exploits & PoCs

1
Exploit-DB
Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service (2016-08-03)

📋Vendor Advisories

2
Ubuntu
JasPer vulnerabilities (2018-06-27)
Red Hat
jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_ (2016-12-29)

💬Community

5
Bugzilla
CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_ (2017-01-04)
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2016-10251 jasper: various flaws [fedora-all] (2016-12-20)
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 mingw-jasper: various flaws [epel-7] (2016-12-20)
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 mingw-jasper: various flaws [fedora-all] (2016-12-20)
Bugzilla
CVE-2016-9591 CVE-2016-9600 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 jasper: various flaws [epel-5] (2016-12-20)