CVE-2016-9388

Published: Mar 23, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

Affected (3)

Products: Jasper Project: Jasper · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Before 1.900.14

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (14)

http://www.openwall.com/lists/oss-security/2016/11/17/1

Source: cve@mitre.org

Mailing ListPatchVDB Entry

http://www.securityfocus.com/bid/94371

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1208

Source: cve@mitre.org

Third Party Advisory

https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1396962

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823

Source: cve@mitre.org

PatchThird Party Advisory

https://usn.ubuntu.com/3693-1/

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/11/17/1