CVE-2016-9583

NameCVE-2016-9583
DescriptionAn out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
jasper (PTS)jessie, jessie (lts)1.900.1-debian1-2.4+deb8u12vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
jaspersource(unstable)(unfixed)unimportant

Notes

https://github.com/mdadams/jasper/issues/103
Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
The issue exists due to an overflow check which is not present
in Wheezy and Jessie. However it makes sense to implement this check.
This can be done when more important issues are found [wheezy].
Not suitable for code injection, hardly denial of service

Search for package or bug name: Reporting problems