The jp2colrdestroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "file": "src/libjasper/jp2/jp2_dec.c" }, "deprecated": false, "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "digest": { "line_hashes": [ "50701667098450232897669611192440229775", "338076433796758030512808625302044573068", "324309987570099149972494763007595930763", "224182038965493698539519420357645987232" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-8887-9d409d97" }, { "signature_version": "v1", "target": { "file": "src/libjasper/jp2/jp2_dec.c", "function": "jp2_decode" }, "deprecated": false, "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "digest": { "length": 7288.0, "function_hash": "319618119064158989381023722366510105818" }, "signature_type": "Function", "id": "CVE-2016-8887-bafe3d72" }, { "signature_version": "v1", "target": { "file": "src/libjasper/jp2/jp2_cod.c" }, "deprecated": false, "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "digest": { "line_hashes": [ "221267666943798567501408066124259172212", "208160112183049958527465613144070537871", "116037558554707769102437633966911769677", "262463792489045736920271914399257841767", "69777698812558398975421155251324740271", "129362356682636422634674043527455250059", "28176063121865665378654204168561871458", "332418229748532078438734901431071398185" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2016-8887-cbb81028" }, { "signature_version": "v1", "target": { "file": "src/libjasper/jp2/jp2_cod.c", "function": "jp2_box_get" }, "deprecated": false, "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "digest": { "length": 1388.0, "function_hash": "14110781456049632284308564067589629719" }, "signature_type": "Function", "id": "CVE-2016-8887-ef9beab2" } ] }