A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
{ "vanir_signatures": [ { "source": "https://github.com/jasper-software/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", "signature_version": "v1", "signature_type": "Function", "id": "CVE-2016-8654-0dcf8ffb", "target": { "file": "src/libjasper/jpc/jpc_qmfb.c", "function": "jpc_qmfb_split_colgrp" }, "digest": { "function_hash": "186195089228374234410065704768766963377", "length": 1346.0 }, "deprecated": false }, { "source": "https://github.com/jasper-software/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", "signature_version": "v1", "signature_type": "Line", "id": "CVE-2016-8654-1694dfe7", "target": { "file": "src/libjasper/jpc/jpc_qmfb.c" }, "digest": { "line_hashes": [ "91439763672008926014304468047359040463", "39422614836085523475719587765514811988", "66214935530393369936941939654568573157", "223093940676283065771569038798405738741", "19944127579799130453828704799952755182", "337567256585894419231491724210265492739", "62682416456756734888778215733668874549", "111945803449391037881280178009045452010", "54154213729979605192265990114048829584", "199940814023961152752121388932698874529", "299475768269001199775499735647832994195", "181244372587943920516132100894316807453", "332017236802858246829452018839956202615", "48490655970433916981635400964725131650", "244090500458065342013403445253238116896", "231998259697245499165510730504102844654", "223093940676283065771569038798405738741", "37252762511398032756581321201460685593", "95959080991199268081408047512902503450", "228213796523644901293057852217498264196", "19944127579799130453828704799952755182", "337567256585894419231491724210265492739", "62682416456756734888778215733668874549", "111945803449391037881280178009045452010", "54154213729979605192265990114048829584", "199940814023961152752121388932698874529", "299475768269001199775499735647832994195", "181244372587943920516132100894316807453", "332017236802858246829452018839956202615", "231998259697245499165510730504102844654", "223093940676283065771569038798405738741", "37252762511398032756581321201460685593", "95959080991199268081408047512902503450", "3680946299615339993841376544869650058", "158573102666972448215910537978772244733", "119640466026782114614037649675453772399", "55360655578363361157439779597935072385" ], "threshold": 0.9 }, "deprecated": false }, { "source": "https://github.com/jasper-software/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a", "signature_version": "v1", "signature_type": "Function", "id": "CVE-2016-8654-bf200df6", "target": { "file": "src/libjasper/jpc/jpc_qmfb.c", "function": "jpc_qmfb_split_colres" }, "digest": { "function_hash": "108930823408400980924474710345560198316", "length": 1290.0 }, "deprecated": false } ] }