Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
References
Link | Resource |
---|---|
http://www.debian.org/security/2017/dsa-3785 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/20/1 | Exploit Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/23/5 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94428 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1208 | Third Party Advisory |
https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/ | Exploit Patch Third Party Advisory VDB Entry |
https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 | Exploit Patch Third Party Advisory |
https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
15 Mar 2021, 22:08
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2016/11/23/5 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495 - Patch, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2017/dsa-3785 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1208 - Third Party Advisory | |
References | (MISC) https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 - Exploit, Patch, Third Party Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* |
04 Mar 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. |
Information
Published : 2017-02-15 19:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-9560
Mitre link : CVE-2016-9560
CVE.ORG link : CVE-2016-9560
JSON object : View
Products Affected
debian
- debian_linux
jasper_project
- jasper
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
CWE
CWE-787
Out-of-bounds Write