CVE-2016-9262
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-9262
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9262.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-9262
- Downstream
- Related
- Published
- 2017-03-23T18:59:00Z
- Modified
- 2025-11-09T14:56:04.340631Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Multiple integer overflows in the (1) jasrealloc function in base/jasmalloc.c and (2) memresize function in base/jasstream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
- References
-
- http://www.openwall.com/lists/oss-security/2016/11/10/4
- http://www.securityfocus.com/bid/94224
- https://access.redhat.com/errata/RHSA-2017:1208
- https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
- https://bugzilla.redhat.com/show_bug.cgi?id=1393882
- https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
- https://security.gentoo.org/glsa/201707-07
- https://usn.ubuntu.com/3693-1/
Affected packages
Git / github.com/jasper-software/jasper
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jasper-software/jasper
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
mdadams-clang-issue
version-1.*
version-1.900.1
version-1.900.10
version-1.900.11
version-1.900.12
version-1.900.13
version-1.900.14
version-1.900.15
version-1.900.16
version-1.900.17
version-1.900.18
version-1.900.19
version-1.900.2
version-1.900.20
version-1.900.21
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8
version-1.900.9
Database specific
vanir_signatures
[
{
"id": "CVE-2016-9262-0cb43208",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"line_hashes": [
"219724719990652264889628271608876014598",
"118357592843772031776422445580785530354",
"310586534175906227483175714422220090361",
"183667670041666856068458692903330977650",
"32432434967389144469594513051290254616",
"149499721006600695385588556943438122304",
"116009489345788889515150588328370174143"
],
"threshold": 0.9
},
"target": {
"file": "src/libjasper/include/jasper/jas_stream.h"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2016-9262-116a56e0",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"length": 1214.0,
"function_hash": "107365459055405317809086758026668971025"
},
"target": {
"file": "src/libjasper/base/jas_stream.c",
"function": "mem_write"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2016-9262-31c317cd",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"length": 192.0,
"function_hash": "306249751145395822357481133631806382195"
},
"target": {
"file": "src/libjasper/base/jas_stream.c",
"function": "jas_stream_gobble"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2016-9262-46a99910",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"line_hashes": [
"120293285447863782994410019962557978870",
"175866128817032302889822694878780095425",
"11309053317658463145195600339472461622",
"95282903951730026644386389065917975282"
],
"threshold": 0.9
},
"target": {
"file": "src/libjasper/base/jas_image.c"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2016-9262-49a8c5d7",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"line_hashes": [
"198016580937250085661400254721907925877",
"74977991203059858676247979542269997394",
"28414307166618861384685792422155039532"
],
"threshold": 0.9
},
"target": {
"file": "src/libjasper/include/jasper/jas_debug.h"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2016-9262-7025dfac",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"line_hashes": [
"318058704784137261778353391132265888292",
"121859094996257706222624047863020389700",
"95112315334303378708601303427639806391",
"1169363991345786512976083530781633520",
"38105903932713202247675469455018481633",
"127107462986842405834283876229869721736",
"288489433665156828298277767155033594753",
"182363861686656335653834784039274986720",
"267500409142905049773585574842340849649",
"157389854956232376956932457410759730506",
"132746329559886733339644852645316792476",
"298489451390871533712167616866457124495",
"228487709909153299239151026632638455027",
"43676874433392929830526152710121404460",
"248085734641025010408105353823158221277",
"213526631310549727030056512551189842674",
"217350954414303395373204088737546629171",
"163875592641492836341430872516405121214",
"248085734641025010408105353823158221277",
"21968914452513929748931956606633778174",
"325155387619586168378383237146475671517",
"332358959453952743576446767128925725711",
"228425453855918294439283761078357875596",
"333789126061841303577183476379595498088",
"335187877480414143385042983283458239460",
"323151671391306774399281415437207046782",
"59702850803853142551966765801454093124",
"286883729491788700503570314797927362150",
"163706843128128951283255948786281900945",
"116087350261429896912767824483300282634",
"55773590819217296651919556365457123117",
"20278755280031648724823858678384118816",
"221471483590746626467946147905170847666",
"258492972875782240454643932959359523253",
"177132024126956043219203108659884259583",
"237971912953420006931115647071568697551",
"202951835245307066866641115807475744563",
"209763680972349204659354815788944834632",
"525979416025719320450975315810310702",
"70970118484156658674434464834437885662",
"338155506006494282656612890029877348562",
"47089471943668842137288540501374631436",
"53089760338726211053781367864998923929",
"116778007951636609886675548948884673760",
"115511691787180364336348658761487703397",
"80103926750283754566728194084174213917",
"269202434169252821684756510798885812227",
"101161000978058270994213333980107717953",
"265546185880268898552921676461601074166",
"245554665737767739657342202225851358941",
"19644029247338431082099547789508282293",
"299665350200214706984293930710102463250",
"320403903476001421447510606174509992392",
"93472632449288801190831574306251527710"
],
"threshold": 0.9
},
"target": {
"file": "src/libjasper/base/jas_stream.c"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2016-9262-76d799ee",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"length": 253.0,
"function_hash": "336961532597015522390015666127249129953"
},
"target": {
"file": "src/libjasper/base/jas_stream.c",
"function": "jas_stream_read"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2016-9262-849d211d",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"length": 210.0,
"function_hash": "124570874082151535827709451320174503838"
},
"target": {
"file": "src/libjasper/base/jas_stream.c",
"function": "jas_stream_pad"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2016-9262-9abe70d0",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"length": 243.0,
"function_hash": "254384913492403561667907704492868260123"
},
"target": {
"file": "src/libjasper/base/jas_stream.c",
"function": "jas_stream_write"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2016-9262-b33a0b34",
"source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"digest": {
"length": 452.0,
"function_hash": "314134384356235645966067672322173596306"
},
"target": {
"file": "src/libjasper/base/jas_stream.c",
"function": "mem_resize"
},
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function"
}
]