CVE-2016-2089

Published: Feb 8, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

Affected (1)

Products: Jasper Project: Jasper

Jasper Project

1 product

Jasper

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Version 1.900.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3508

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/01/28/4

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/01/28/6

Source: cve@mitre.org

http://www.securityfocus.com/bid/83108

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:1208

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html