Integer overflow in the jpcdectiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
{ "vanir_signatures": [ { "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", "signature_version": "v1", "id": "CVE-2016-10249-945a7f8b", "deprecated": false, "target": { "file": "src/libjasper/base/jas_malloc.c", "function": "jas_realloc" }, "digest": { "function_hash": "300478963168570331364040884393286397351", "length": 268.0 }, "signature_type": "Function" }, { "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", "signature_version": "v1", "id": "CVE-2016-10249-b5b2aa64", "deprecated": false, "target": { "file": "src/libjasper/base/jas_malloc.c" }, "digest": { "line_hashes": [ "224728097634974464902147702675679673510", "227679662129121746679273766097734534711", "297876043422692014803926771248806648017", "128844959535177949372273000816554496721", "282867653870788863673869149389959335594", "218169481852701438493356891934225779225", "10944063086675199930821855458879307967", "26187815982908386493510520381612832466" ], "threshold": 0.9 }, "signature_type": "Line" }, { "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", "signature_version": "v1", "id": "CVE-2016-10249-eeb3cd3c", "deprecated": false, "target": { "file": "src/libjasper/base/jas_seq.c" }, "digest": { "line_hashes": [ "44323687333533617319453288928927361252", "210302531567909090120930747627734342435", "334590671142675082474223698543763095998", "258279521105178228459056989138676469121", "49451047680289029338474820356832621327", "181351937152548624173973933771369711923", "138696785231965673721718685731897860876", "257706036048045309975110992950935290514", "140679284528583326243928979501545445853", "268221771023073486752551875176599356688", "258572505434520516348566004854204540029", "294342430429536547676291893321756856026", "299669753658418825268661979562225213802", "161125289038828544111129104458484422970", "15882812099099494741192142950015689719", "265521762874007337423000192320183174111", "160839986862202076876568898342939773822", "38014062894216826713984996018803786098", "41239960370357698123881764134313518489", "62944039980261900189158568577827797288", "28262054680385894056278409879466471608", "227204251966232434670100350774141092594", "175751363467648750190859222830538514459", "160839986862202076876568898342939773822", "159317712119973861672055694226920808719", "9721974707437936973997726115255104467", "260898893156259557819223478899057526385", "241945187954586627623367713838136367184", "153140681974549216992849125026359082370" ], "threshold": 0.9 }, "signature_type": "Line" }, { "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", "signature_version": "v1", "id": "CVE-2016-10249-f2d77cdc", "deprecated": false, "target": { "file": "src/libjasper/base/jas_malloc.c", "function": "jas_malloc" }, "digest": { "function_hash": "159357830609375727047627300561463677202", "length": 219.0 }, "signature_type": "Function" }, { "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568", "signature_version": "v1", "id": "CVE-2016-10249-ff9fea05", "deprecated": false, "target": { "file": "src/libjasper/base/jas_seq.c", "function": "jas_matrix_create" }, "digest": { "function_hash": "277604512109896122372543693420945674317", "length": 953.0 }, "signature_type": "Function" } ] }