4 matches found
jasper: missing jas_matrix_create() parameter checks
The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690...
UBUNTU-CVE-2016-8884
The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690...
UBUNTU-CVE-2016-8691
The jpcdecprocesssiz function in libjasper/jpc/jpcdec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted XRsiz value in a BMP image to the imginfo command...
perl-Image-Info XML External Entity Injection Vulnerability
perl-Image-Info extracts meta information from various types of image files. perl-Image-Info suffers from an XML external entity injection vulnerability that can be exploited by attackers to obtain sensitive information or cause a denial of service condition...