CVE-2016-8690

The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type: GIT
Repo: https://github.com/jasper-software/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8f62b4761711d036fd8964df256b938c809b7fca

Affected versions

version-1.*

version-1.900.1

version-1.900.2

version-1.900.3

version-1.900.4

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
        "signature_type": "Function",
        "digest": {
            "function_hash": "66100305976557021260323919316046401850",
            "length": 299.0
        },
        "target": {
            "file": "src/libjasper/bmp/bmp_dec.c",
            "function": "bmp_getint32"
        },
        "id": "CVE-2016-8690-1dc17d4f"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
        "signature_type": "Function",
        "digest": {
            "function_hash": "213617828846547727723494566477772051686",
            "length": 1914.0
        },
        "target": {
            "file": "src/libjasper/bmp/bmp_dec.c",
            "function": "bmp_decode"
        },
        "id": "CVE-2016-8690-3938ad35"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
        "signature_type": "Function",
        "digest": {
            "function_hash": "40322919905498405174449292975345824606",
            "length": 1420.0
        },
        "target": {
            "file": "src/appl/imginfo.c",
            "function": "main"
        },
        "id": "CVE-2016-8690-3a5a2eee"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "181820624645332316835688706943810946808",
                "329105686860489160168816487363808527512",
                "276539067314882748630872611054448464292",
                "158192644939149192445570085871591297318",
                "208965144491898577108813205998831745822",
                "4122801749960777540834052315519535024",
                "142263042621370806424033757542886125709",
                "42565527848248093208496085963656418814",
                "255371838084286291518779166369532030349",
                "158620267200104606806512596493185211891",
                "328395650043700766086867180151202169961",
                "46745996152217120827170299555857063790",
                "252537028367516966415831113960354158215",
                "282069120938682375437507524119936274787",
                "144560029070876181774947806390217852173",
                "299041156820585592649228147128195812542",
                "41901252007675484487775393656625628949",
                "121725277276263077866240958418595695721",
                "112683634607391705900150923707263008029",
                "253679924570002653277208191558863778043",
                "104463176392231351738277949096687572862",
                "32165346945382003006634725249999679148",
                "93410045872292919820441287013174867116",
                "129210761667170328744260800386294493718",
                "145081447107833352101560261191002340223",
                "225506184587720535972580066092064752660",
                "176643618480245954580907452949390513888"
            ]
        },
        "target": {
            "file": "src/appl/imginfo.c"
        },
        "id": "CVE-2016-8690-d59629c8"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99572489347031668573427421545432737600",
                "4381023761653975748473089033620035513",
                "310883684700255750989195991273887879936",
                "236954564205398126926679791371214327625",
                "69116038732016939922742827558794222153",
                "320822478332094480977870656009263395447",
                "191705783300308703803216468489584656095",
                "91008852383565739544418658022675710331",
                "193134872678604225381121387858645529635",
                "131063136532120762312635054533434889072",
                "33265852877468525037764300243404566544",
                "307346648271895787359967182948876382319",
                "127224140450762438916414560602789317843",
                "116622965320456975737134597275156594283",
                "193592033497248749039692788905009316794",
                "60401635337873261102152340551019068265"
            ]
        },
        "target": {
            "file": "src/libjasper/bmp/bmp_dec.c"
        },
        "id": "CVE-2016-8690-e534b403"
    }
]

Git / github.com/mdadams/jasper

Affected ranges

Type: GIT
Repo: https://github.com/mdadams/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected