CVE-2016-9387

Integer overflow in the jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type: GIT
Repo: https://github.com/jasper-software/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d91198abd00fc435a397fe6bad906a4c1748e9cf

Affected versions

version-1.*

version-1.900.1

version-1.900.10

version-1.900.11

version-1.900.12

version-1.900.2

version-1.900.3

version-1.900.4

version-1.900.5

version-1.900.6

version-1.900.7

version-1.900.8

version-1.900.9

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "162649287627297576852063731035152415525",
                "226120177115694592232976601955282060729",
                "85618242479426270109887864443891666473",
                "209686564553207354020312973871361104708",
                "244588284884631190782244829546901289064",
                "125189853892253328008764467669758377742",
                "339689915099979973143487541221300521781",
                "111458785441638967645653322889124458209"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_dec.c"
        },
        "signature_type": "Line",
        "id": "CVE-2016-9387-692f6f1c",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf"
    },
    {
        "digest": {
            "length": 3036.0,
            "function_hash": "84919795419482091308761414363530504873"
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_dec.c",
            "function": "jpc_dec_process_siz"
        },
        "signature_type": "Function",
        "id": "CVE-2016-9387-f46d5386",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jasper-software/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf"
    }
]

Git / github.com/mdadams/jasper

Affected ranges

Type: GIT
Repo: https://github.com/mdadams/jasper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected