CVE-2016-10249

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10249
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10249.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10249
Published
2017-03-15T14:59:00Z
Modified
2025-10-15T08:00:19.387098Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type
GIT
Repo
https://github.com/jasper-software/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/mdadams/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

version-1.*

version-1.900.1
version-1.900.10
version-1.900.11
version-1.900.2
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8
version-1.900.9

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
        "signature_version": "v1",
        "target": {
            "function": "jas_realloc",
            "file": "src/libjasper/base/jas_malloc.c"
        },
        "digest": {
            "function_hash": "300478963168570331364040884393286397351",
            "length": 268.0
        },
        "id": "CVE-2016-10249-945a7f8b"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
        "signature_version": "v1",
        "target": {
            "file": "src/libjasper/base/jas_malloc.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": []
        },
        "id": "CVE-2016-10249-b5b2aa64"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
        "signature_version": "v1",
        "target": {
            "file": "src/libjasper/base/jas_seq.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": []
        },
        "id": "CVE-2016-10249-eeb3cd3c"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
        "signature_version": "v1",
        "target": {
            "function": "jas_malloc",
            "file": "src/libjasper/base/jas_malloc.c"
        },
        "digest": {
            "function_hash": "159357830609375727047627300561463677202",
            "length": 219.0
        },
        "id": "CVE-2016-10249-f2d77cdc"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
        "signature_version": "v1",
        "target": {
            "function": "jas_matrix_create",
            "file": "src/libjasper/base/jas_seq.c"
        },
        "digest": {
            "function_hash": "277604512109896122372543693420945674317",
            "length": 953.0
        },
        "id": "CVE-2016-10249-ff9fea05"
    }
]