CVE-2016-9394

Published: Mar 23, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

Affected (1)

Products: Jasper Project: Jasper

Jasper Project

1 product

Jasper

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Up to 1.900.16

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://www.openwall.com/lists/oss-security/2016/11/17/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/94372

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1208

Source: cve@mitre.org

https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1396975

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://usn.ubuntu.com/3693-1/

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/11/17/1