CVE-2016-9397

Published: Mar 23, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Affected (3)

Products: Jasper Project: Jasper · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jasper Project Jasper	Version 1.900.13

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (12)

http://www.openwall.com/lists/oss-security/2016/11/17/1

Source: cve@mitre.org

Mailing ListPatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/94373

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1396979

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/11/17/1