Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
{ "vanir_signatures": [ { "source": "https://github.com/jasper-software/jasper/commit/44a524e367597af58d6265ae2014468b334d0309", "signature_type": "Line", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "319348426176898312395762141354413540855", "212237252549174315940848886191493667447", "83188621114365130340234383120782591168", "261974774951400936541731396934200432721", "313915629148189820745358666201995060165", "332889218530253578131851361112756377674" ] }, "target": { "file": "src/libjasper/base/jas_stream.c" }, "id": "CVE-2016-8693-06c10e52", "deprecated": false }, { "source": "https://github.com/jasper-software/jasper/commit/44a524e367597af58d6265ae2014468b334d0309", "signature_type": "Function", "signature_version": "v1", "digest": { "length": 295.0, "function_hash": "234442291615711478744387203658053122596" }, "target": { "function": "mem_resize", "file": "src/libjasper/base/jas_stream.c" }, "id": "CVE-2016-8693-d2a394cf", "deprecated": false } ] }