CVE-2016-9394

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9394
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9394.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9394
Downstream
Related
Published
2017-03-23T18:59:00Z
Modified
2025-10-15T08:31:06.448690Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The jasseq2dcreate function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type
GIT
Repo
https://github.com/jasper-software/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f7038068550fba0e41e1d0c355787f1dcd5bf330
Type
GIT
Repo
https://github.com/mdadams/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

version-1.*

version-1.900.1
version-1.900.10
version-1.900.11
version-1.900.12
version-1.900.13
version-1.900.14
version-1.900.15
version-1.900.16
version-1.900.2
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8
version-1.900.9

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2016-9394-0aaccfb0",
            "signature_type": "Line",
            "target": {
                "file": "src/libjasper/jpc/jpc_cs.c"
            },
            "source": "https://github.com/jasper-software/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "166246205866252788718210230287446944441",
                    "122730796418673822783381806594345986420",
                    "181666631595741909474235757653858232669",
                    "46038285075875820004345074058937989151",
                    "50955196112799176178204542264025023092",
                    "178613128254676051823559462104613942293",
                    "130506913513621164865790112248152904080",
                    "135970234598256176453961626151426662336",
                    "234752286057864962727890294762781699511",
                    "216720833961457146313933334816364378929",
                    "211303138233286485903872989533680982538",
                    "159420289177925754971602071669794171750",
                    "192762908218704583951997278635908362558",
                    "204106460512405728947694787818936397923",
                    "179898142459622662779942610421325509296",
                    "90306631920095266507461818008189116624",
                    "233401673581267643277909364827119378085",
                    "27870265582191130401726537335100347889",
                    "5377590423348546444967687130893641773",
                    "292370858408269328998996463620544294217",
                    "303793288811164687230122258545601875783",
                    "157727957268293462892508989936051981896",
                    "181513108131629326692009487016838400045",
                    "158601290403671687104871625442075195137",
                    "25549552460947505655858181933710133715",
                    "326220937051186977903545761716234936849",
                    "223304303429346722098599018435814295716",
                    "186681264790491722272104135687248163790",
                    "99554843160161696675293996167386190659",
                    "226499722717609846433463217025259485452",
                    "300542789746843838994892604283621606779",
                    "123656480523493331127422715410577660751",
                    "262749520735842443313232692976674298661",
                    "2756149138190639119617581076216107375",
                    "70330187410168641245714350259822481390",
                    "207256589703278894068305788018332025966",
                    "105600679441404651092900784072745717799",
                    "80842908288959155398920606714085267545",
                    "197603133757012022012431837160015066997",
                    "173174210314506970380795327335660406291",
                    "217172819073079827286979012410272776236",
                    "297295444819886776360825326696600298970",
                    "54473729512120145707351120114685974535",
                    "64059187602392148896394927932381315059"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2016-9394-61ad6482",
            "signature_type": "Function",
            "target": {
                "file": "src/libjasper/jpc/jpc_cs.c",
                "function": "jpc_siz_getparms"
            },
            "source": "https://github.com/jasper-software/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330",
            "digest": {
                "function_hash": "105203975003133862820406712094156767742",
                "length": 1804.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}