CVE-2016-10248

Published: Mar 15, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

Affected (1)

Products: Jasper Project: Jasper

Jasper Project

1 product

Jasper

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Up to 1.900.8

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (10)

http://www.securityfocus.com/bid/93797

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:1208

Source: cve@mitre.org

https://blogs.gentoo.org/ago/2016/10/20/jasper-null-pointer-dereference-in-jpc_tsfb_synthesize-jpc_tsfb-c/

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd

Source: cve@mitre.org

PatchThird Party Advisory

https://usn.ubuntu.com/3693-1/

Source: cve@mitre.org

http://www.securityfocus.com/bid/93797