Stack-based buffer overflow in the jpctsfbgetbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "source": "https://github.com/jasper-software/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495", "target": { "file": "src/libjasper/jpc/jpc_dec.c", "function": "jpc_dec_tileinit" }, "signature_version": "v1", "digest": { "function_hash": "175780790939713017166030104739135087449", "length": 7222.0 }, "id": "CVE-2016-9560-2c2ab8d1" }, { "deprecated": false, "signature_type": "Line", "source": "https://github.com/jasper-software/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495", "target": { "file": "src/libjasper/jpc/jpc_dec.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "213472728717264795323337321314463496991", "34944051443844679150364108266102405752", "213113553643681384229018291800625340333", "309304087652309107944001807487660727374" ] }, "id": "CVE-2016-9560-d53e43ce" } ] }