CVE-2016-10249

Integer overflow in the jpcdectiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type: GIT
Repo: https://github.com/jasper-software/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

988f8365f7d8ad8073b6786e433d34c553ecf568

Type: GIT
Repo: https://github.com/mdadams/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c5e348fe606635378bce71b658e3e899517208c2

Affected versions

version-1.*

version-1.900.1

version-1.900.10

version-1.900.11

version-1.900.2

version-1.900.3

version-1.900.4

version-1.900.5

version-1.900.6

version-1.900.7

version-1.900.8

version-1.900.9

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
            "signature_version": "v1",
            "id": "CVE-2016-10249-945a7f8b",
            "deprecated": false,
            "target": {
                "file": "src/libjasper/base/jas_malloc.c",
                "function": "jas_realloc"
            },
            "digest": {
                "function_hash": "300478963168570331364040884393286397351",
                "length": 268.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
            "signature_version": "v1",
            "id": "CVE-2016-10249-b5b2aa64",
            "deprecated": false,
            "target": {
                "file": "src/libjasper/base/jas_malloc.c"
            },
            "digest": {
                "line_hashes": [
                    "224728097634974464902147702675679673510",
                    "227679662129121746679273766097734534711",
                    "297876043422692014803926771248806648017",
                    "128844959535177949372273000816554496721",
                    "282867653870788863673869149389959335594",
                    "218169481852701438493356891934225779225",
                    "10944063086675199930821855458879307967",
                    "26187815982908386493510520381612832466"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
            "signature_version": "v1",
            "id": "CVE-2016-10249-eeb3cd3c",
            "deprecated": false,
            "target": {
                "file": "src/libjasper/base/jas_seq.c"
            },
            "digest": {
                "line_hashes": [
                    "44323687333533617319453288928927361252",
                    "210302531567909090120930747627734342435",
                    "334590671142675082474223698543763095998",
                    "258279521105178228459056989138676469121",
                    "49451047680289029338474820356832621327",
                    "181351937152548624173973933771369711923",
                    "138696785231965673721718685731897860876",
                    "257706036048045309975110992950935290514",
                    "140679284528583326243928979501545445853",
                    "268221771023073486752551875176599356688",
                    "258572505434520516348566004854204540029",
                    "294342430429536547676291893321756856026",
                    "299669753658418825268661979562225213802",
                    "161125289038828544111129104458484422970",
                    "15882812099099494741192142950015689719",
                    "265521762874007337423000192320183174111",
                    "160839986862202076876568898342939773822",
                    "38014062894216826713984996018803786098",
                    "41239960370357698123881764134313518489",
                    "62944039980261900189158568577827797288",
                    "28262054680385894056278409879466471608",
                    "227204251966232434670100350774141092594",
                    "175751363467648750190859222830538514459",
                    "160839986862202076876568898342939773822",
                    "159317712119973861672055694226920808719",
                    "9721974707437936973997726115255104467",
                    "260898893156259557819223478899057526385",
                    "241945187954586627623367713838136367184",
                    "153140681974549216992849125026359082370"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
            "signature_version": "v1",
            "id": "CVE-2016-10249-f2d77cdc",
            "deprecated": false,
            "target": {
                "file": "src/libjasper/base/jas_malloc.c",
                "function": "jas_malloc"
            },
            "digest": {
                "function_hash": "159357830609375727047627300561463677202",
                "length": 219.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/jasper-software/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568",
            "signature_version": "v1",
            "id": "CVE-2016-10249-ff9fea05",
            "deprecated": false,
            "target": {
                "file": "src/libjasper/base/jas_seq.c",
                "function": "jas_matrix_create"
            },
            "digest": {
                "function_hash": "277604512109896122372543693420945674317",
                "length": 953.0
            },
            "signature_type": "Function"
        }
    ]
}