Veracode Vulnerability DatabaseVERACODE:6760Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
libjasper.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a jpc file to the jpc_dequantize function in jpc_dec.c to cause an assertion failure that can crash the application. This issue was also given CVE-2016-9397.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libjasper.so | eq | 1.0.0 |
References
www.securityfocus.com/bid/100514
bugzilla.redhat.com/show_bug.cgi?id=1485276
github.com/mdadams/jasper/issues/56
lists.fedoraproject.org/archives/list/[email protected]/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
lists.fedoraproject.org/archives/list/[email protected]/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
nvd.nist.gov/vuln/detail/CVE-2016-9397
security.gentoo.org/glsa/201908-03
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P