CVE-2017-6851
published 2017-03-15CVE-2017-6851: The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
PriorityP420medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
EPSS
1.51%
71.2th percentile
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jasper_project | jasper | <= 2.0.9 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c)
vendor_redhat·2017-01-21·CVSS 5.5
CVE-2017-6851 [MEDIUM] jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c)
jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c)
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
Package: netpbm (Red Hat Enterprise Linux 5) - Not affected
Package: jasper (Red Hat Enterprise Linux 6) - Will not fix
Package: jasper (Red Hat Enterprise Linux 7) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
GHSA
GHSA-6ww4-5qw3-6h8q: The jas_matrix_bindsub function in jas_seq
ghsa_unreviewed·2022-05-14
CVE-2017-6851 [MEDIUM] CWE-125 GHSA-6ww4-5qw3-6h8q: The jas_matrix_bindsub function in jas_seq
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-6851 jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c)
bugzilla·2017-03-23·CVSS 5.5
CVE-2017-6851 [MEDIUM] CVE-2017-6851 jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c)
CVE-2017-6851 jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c)
The jas_matrix_bindsub function in jas_seq.c in JasPer allows attackers to cause a denial of service (invalid read) via a crafted image.
References:
https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c/
http://www.openwall.com/lists/oss-security/2017/01/25/9
Upstream bug:
https://github.com/mdadams/jasper/issues/113
Discussion:
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1434464]
---
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1434465]
---
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1434467]
---
Original reporter's advisory:
https://blogs.gentoo.org/ago/2017/01/25/jasp
Bugzilla
CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-
bugzilla·2017-03-21·CVSS 7.5
CVE-2016-10248 [HIGH] CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-
CVE-2016-10248 CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 ... mingw-jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the re
Bugzilla
CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 CVE-2
bugzilla·2017-03-21·CVSS 7.8
CVE-2016-10251 [HIGH] CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 CVE-2
CVE-2016-10251 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 CVE-2017-6850 CVE-2017-6851 CVE-2017-6852 ... mingw-jasper: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant to
Bugzilla
CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-201
bugzilla·2017-03-21·CVSS 7.5
CVE-2016-9396 [HIGH] CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-201
CVE-2016-9396 CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2017-1000050 CVE-2017-13745 CVE-2017-13746 CVE-2017-13747 CVE-2017-13748 CVE-2017-13749 CVE-2017-13750 CVE-2017-13751 CVE-2017-13752 CVE-2017-14132 ... jasper: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant t
https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c/https://github.com/mdadams/jasper/issues/113https://security.gentoo.org/glsa/201908-03https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c/https://github.com/mdadams/jasper/issues/113https://security.gentoo.org/glsa/201908-03
2017-03-15
Published