Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use-after-free vulnerabilities.
[ { "signature_type": "Line", "id": "CVE-2016-9262-0cb43208", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "file": "src/libjasper/include/jasper/jas_stream.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "219724719990652264889628271608876014598", "118357592843772031776422445580785530354", "310586534175906227483175714422220090361", "183667670041666856068458692903330977650", "32432434967389144469594513051290254616", "149499721006600695385588556943438122304", "116009489345788889515150588328370174143" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2016-9262-116a56e0", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "function": "mem_write", "file": "src/libjasper/base/jas_stream.c" }, "digest": { "function_hash": "107365459055405317809086758026668971025", "length": 1214.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2016-9262-31c317cd", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "function": "jas_stream_gobble", "file": "src/libjasper/base/jas_stream.c" }, "digest": { "function_hash": "306249751145395822357481133631806382195", "length": 192.0 }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2016-9262-46a99910", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "file": "src/libjasper/base/jas_image.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "120293285447863782994410019962557978870", "175866128817032302889822694878780095425", "11309053317658463145195600339472461622", "95282903951730026644386389065917975282" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2016-9262-49a8c5d7", "source": 
"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "file": "src/libjasper/include/jasper/jas_debug.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "198016580937250085661400254721907925877", "74977991203059858676247979542269997394", "28414307166618861384685792422155039532" ] }, "deprecated": false }, { "signature_type": "Line", "id": "CVE-2016-9262-7025dfac", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "file": "src/libjasper/base/jas_stream.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "318058704784137261778353391132265888292", "121859094996257706222624047863020389700", "95112315334303378708601303427639806391", "1169363991345786512976083530781633520", "38105903932713202247675469455018481633", "127107462986842405834283876229869721736", "288489433665156828298277767155033594753", "182363861686656335653834784039274986720", "267500409142905049773585574842340849649", "157389854956232376956932457410759730506", "132746329559886733339644852645316792476", "298489451390871533712167616866457124495", "228487709909153299239151026632638455027", "43676874433392929830526152710121404460", "248085734641025010408105353823158221277", "213526631310549727030056512551189842674", "217350954414303395373204088737546629171", "163875592641492836341430872516405121214", "248085734641025010408105353823158221277", "21968914452513929748931956606633778174", "325155387619586168378383237146475671517", "332358959453952743576446767128925725711", "228425453855918294439283761078357875596", "333789126061841303577183476379595498088", "335187877480414143385042983283458239460", "323151671391306774399281415437207046782", "59702850803853142551966765801454093124", "286883729491788700503570314797927362150", "163706843128128951283255948786281900945", "116087350261429896912767824483300282634", 
"55773590819217296651919556365457123117", "20278755280031648724823858678384118816", "221471483590746626467946147905170847666", "258492972875782240454643932959359523253", "177132024126956043219203108659884259583", "237971912953420006931115647071568697551", "202951835245307066866641115807475744563", "209763680972349204659354815788944834632", "525979416025719320450975315810310702", "70970118484156658674434464834437885662", "338155506006494282656612890029877348562", "47089471943668842137288540501374631436", "53089760338726211053781367864998923929", "116778007951636609886675548948884673760", "115511691787180364336348658761487703397", "80103926750283754566728194084174213917", "269202434169252821684756510798885812227", "101161000978058270994213333980107717953", "265546185880268898552921676461601074166", "245554665737767739657342202225851358941", "19644029247338431082099547789508282293", "299665350200214706984293930710102463250", "320403903476001421447510606174509992392", "93472632449288801190831574306251527710" ] }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2016-9262-76d799ee", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "function": "jas_stream_read", "file": "src/libjasper/base/jas_stream.c" }, "digest": { "function_hash": "336961532597015522390015666127249129953", "length": 253.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2016-9262-849d211d", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "function": "jas_stream_pad", "file": "src/libjasper/base/jas_stream.c" }, "digest": { "function_hash": "124570874082151535827709451320174503838", "length": 210.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2016-9262-9abe70d0", "source": 
"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "function": "jas_stream_write", "file": "src/libjasper/base/jas_stream.c" }, "digest": { "function_hash": "254384913492403561667907704492868260123", "length": 243.0 }, "deprecated": false }, { "signature_type": "Function", "id": "CVE-2016-9262-b33a0b34", "source": "https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", "signature_version": "v1", "target": { "function": "mem_resize", "file": "src/libjasper/base/jas_stream.c" }, "digest": { "function_hash": "314134384356235645966067672322173596306", "length": 452.0 }, "deprecated": false } ]