CVE-2016-9391

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9391
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9391.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9391
Downstream
Related
Published
2017-03-23T18:59:00.740Z
Modified
2026-02-12T00:05:44.412740Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The jpcbitstreamgetbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type
GIT
Repo
https://github.com/jasper-software/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1e84674d95353c64e5c4c0e7232ae86fd6ea813b

Affected versions

version-1.*
version-1.900.1
version-1.900.10
version-1.900.11
version-1.900.12
version-1.900.13
version-1.900.2
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8
version-1.900.9

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/jasper-software/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "196102015073898811297645533749313385048",
                "190549514793867061496865254793867049549",
                "171839360652686268972686190385272810403",
                "50400149924543441238412807462829520889",
                "327322110233288906014826537694938170279"
            ]
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_cs.c"
        },
        "id": "CVE-2016-9391-21661ce8",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/jasper-software/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "9972650022297922309487281288480744632",
                "1489525600137566990126885294519030176",
                "149890288200170398430171093976719239093",
                "237044679106646705559528529513431051677",
                "39002238908207410680545806976024079133",
                "194392780604242950240920179815254504841",
                "189432908879894595340330197054530181359",
                "158542315238795176845374494279664169498"
            ]
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_bs.c"
        },
        "id": "CVE-2016-9391-3bccb112",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/jasper-software/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b",
        "digest": {
            "function_hash": "243069738599967674544252627031642253684",
            "length": 584.0
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_cs.c",
            "function": "jpc_qcd_dumpparms"
        },
        "id": "CVE-2016-9391-47370895",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/jasper-software/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b",
        "digest": {
            "function_hash": "246779780621125895923085892503686991580",
            "length": 312.0
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_bs.c",
            "function": "jpc_bitstream_putbits"
        },
        "id": "CVE-2016-9391-5753ac98",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/jasper-software/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b",
        "digest": {
            "function_hash": "185861260289023515017114181088663291182",
            "length": 249.0
        },
        "target": {
            "file": "src/libjasper/jpc/jpc_bs.c",
            "function": "jpc_bitstream_getbits"
        },
        "id": "CVE-2016-9391-7f26e6d9",
        "deprecated": false,
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9391.json"