Vulnerability Manager Plus

Library for manipulating JPEG-2000 files (USN-3295-1) libjasper1_1.900.1-14ubuntu3.4_i386.deb

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.539%

CVE Information

Source CVE
CVE-2016-10249

Associated CVE
CVE-2016-10249
CVE-2016-10251
CVE-2016-8654
CVE-2016-1867
CVE-2016-2089

Patch Details

No records found

References

http://lists.opensuse.org/opensuse-updates/2016-02/msg00060.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00063.html
http://www.debian.org/security/2016/dsa-3508
http://www.debian.org/security/2017/dsa-3785
http://www.debian.org/security/2017/dsa-3827
http://www.openwall.com/lists/oss-security/2016/01/13/2
http://www.openwall.com/lists/oss-security/2016/01/13/6
http://www.openwall.com/lists/oss-security/2016/01/28/4
http://www.openwall.com/lists/oss-security/2016/01/28/6
http://www.securityfocus.com/bid/81488
http://www.securityfocus.com/bid/83108
http://www.securityfocus.com/bid/93838
http://www.securityfocus.com/bid/97584
https://access.redhat.com/errata/RHSA-2017:1208
https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/
https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568