The jp2colrdestroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
{ "vanir_signatures": [ { "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/libjasper/jp2/jp2_dec.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "50701667098450232897669611192440229775", "338076433796758030512808625302044573068", "324309987570099149972494763007595930763", "224182038965493698539519420357645987232" ] }, "id": "CVE-2016-8887-9d409d97", "deprecated": false }, { "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "signature_type": "Function", "signature_version": "v1", "target": { "function": "jp2_decode", "file": "src/libjasper/jp2/jp2_dec.c" }, "digest": { "length": 7288.0, "function_hash": "319618119064158989381023722366510105818" }, "id": "CVE-2016-8887-bafe3d72", "deprecated": false }, { "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/libjasper/jp2/jp2_cod.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "221267666943798567501408066124259172212", "208160112183049958527465613144070537871", "116037558554707769102437633966911769677", "262463792489045736920271914399257841767", "69777698812558398975421155251324740271", "129362356682636422634674043527455250059", "28176063121865665378654204168561871458", "332418229748532078438734901431071398185" ] }, "id": "CVE-2016-8887-cbb81028", "deprecated": false }, { "source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d", "signature_type": "Function", "signature_version": "v1", "target": { "function": "jp2_box_get", "file": "src/libjasper/jp2/jp2_cod.c" }, "digest": { "length": 1388.0, "function_hash": "14110781456049632284308564067589629719" }, "id": "CVE-2016-8887-ef9beab2", "deprecated": false } ] }