Vulnerabilities > CVE-2016-8882 - NULL Pointer Dereference vulnerability in Jasper Project Jasper
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2776-1.NASL description This update for jasper fixes the following issues: Security fixes : - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / NULL pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer last seen 2020-06-01 modified 2020-06-02 plugin id 94729 published 2016-11-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94729 title SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2776-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(94729); script_version("2.9"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2008-3522", "CVE-2015-5203", "CVE-2015-5221", "CVE-2016-1577", "CVE-2016-1867", "CVE-2016-2089", "CVE-2016-2116", "CVE-2016-8690", "CVE-2016-8691", "CVE-2016-8692", "CVE-2016-8693", "CVE-2016-8880", "CVE-2016-8881", "CVE-2016-8882", "CVE-2016-8883", "CVE-2016-8884", "CVE-2016-8885", "CVE-2016-8886", "CVE-2016-8887"); script_bugtraq_id(31470); script_name(english:"SUSE SLES11 Security Update : jasper (SUSE-SU-2016:2776-1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for jasper fixes the following issues: Security fixes : - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / NULL pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693: Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2016-1577, CVE-2016-2116: double free vulnerability in the jas_iccattrval_destroy function (bsc#968373) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: multiple integer overflows (bsc#392410) - bsc#1006839: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005084" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005090" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005242" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006591" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006593" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006597" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006598" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006836" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006839" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1007009" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=392410" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=941919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942553" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=961886" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=963983" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968373" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2008-3522/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-5203/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-5221/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1577/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1867/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-2089/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-2116/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8690/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8691/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8692/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8693/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8880/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8881/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8882/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8883/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8884/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8885/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8886/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-8887/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162776-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?730c3414" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-jasper-12846=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-jasper-12846=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-jasper-12846=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjasper"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/02"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libjasper-32bit-1.900.14-134.25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libjasper-32bit-1.900.14-134.25.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libjasper-1.900.14-134.25.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jasper"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-6C789BA91D.NASL description This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886. ---- New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-11 plugin id 94689 published 2016-11-11 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94689 title Fedora 23 : jasper (2016-6c789ba91d) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3785.NASL description Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 97090 published 2017-02-10 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97090 title Debian DSA-3785-1 : jasper - security update NASL family Fedora Local Security Checks NASL id FEDORA_2016-E0F0D48142.NASL description This update contains security fix for CVE-2016-8883, CVE-2016-8882, CVE-2016-8881, CVE-2016-8880, CVE-2016-8884, CVE-2016-8885, CVE-2016-8887, CVE-2016-8886. ---- New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-10 plugin id 94662 published 2016-11-10 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94662 title Fedora 24 : jasper (2016-e0f0d48142) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-739.NASL description CVE-2016-8691 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c CVE-2016-8692 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c CVE-2016-8693 attempting double-free ... mem_close ... jas_stream.c CVE-2016-8882 segfault / NULL pointer access in jpc_pi_destroy CVE-2016-9560 stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) CVE-2016-8887 part 1 + 2 NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) CVE-2016-8654 Heap-based buffer overflow in QMFB code in JPC codec CVE-2016-8883 assert in jpc_dec_tiledecode() TEMP-CVE heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) For Debian 7 last seen 2020-03-17 modified 2016-12-12 plugin id 95664 published 2016-12-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95664 title Debian DLA-739-1 : jasper security updat NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1163.NASL description According to the version of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.(CVE-2016-8882) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-06-28 plugin id 110739 published 2018-06-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110739 title EulerOS 2.0 SP3 : jasper (EulerOS-SA-2018-1163) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3295-1.NASL description It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100294 published 2017-05-19 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100294 title Ubuntu 14.04 LTS / 16.04 LTS : jasper vulnerabilities (USN-3295-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1263.NASL description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919). - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137 (bsc#968373). - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084). - CVE-2016-8691, CVE-2016-8692: Missing range check on XRsiz and YRsiz fields of SIZ marker segment (bsc#1005090). - CVE-2016-8693: The memory stream interface allowed for a buffer size of zero. The case of a zero-sized buffer was not handled correctly, as it could lead to a double free (bsc#1005242). - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591). - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593). - CVE-2016-8882: NULL pointer access in jpc_pi_destroy (bsc#1006597). - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode() (bsc#1006598). - CVE-2016-8886: Memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599). For additional change description please have a look at the changelog. last seen 2020-06-05 modified 2016-11-07 plugin id 94596 published 2016-11-07 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94596 title openSUSE Security Update : jasper (openSUSE-2016-1263) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1270.NASL description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919). - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137 (bsc#968373). - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084). - CVE-2016-8691, CVE-2016-8692: Missing range check on XRsiz and YRsiz fields of SIZ marker segment (bsc#1005090). - CVE-2016-8693: The memory stream interface allowed for a buffer size of zero. The case of a zero-sized buffer was not handled correctly, as it could lead to a double free (bsc#1005242). - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591). - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593). - CVE-2016-8882: NULL pointer access in jpc_pi_destroy (bsc#1006597). - CVE-2016-8883: Assert triggered in jpc_dec_tiledecode() (bsc#1006598). - CVE-2016-8886: Memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599). For additional change description please have a look at the changelog. last seen 2020-06-05 modified 2016-11-07 plugin id 94601 published 2016-11-07 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94601 title openSUSE Security Update : jasper (openSUSE-2016-1270) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1309.NASL description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / NULL pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer last seen 2020-06-05 modified 2016-11-18 plugin id 94945 published 2016-11-18 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94945 title openSUSE Security Update : jasper (openSUSE-2016-1309) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2775-1.NASL description This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed : - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two NULL pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / NULL pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: NULL pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer last seen 2020-06-01 modified 2020-06-02 plugin id 94728 published 2016-11-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94728 title SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2016:2775-1)
References
- http://www.debian.org/security/2017/dsa-3785
- http://www.debian.org/security/2017/dsa-3785
- http://www.openwall.com/lists/oss-security/2016/10/17/1
- http://www.openwall.com/lists/oss-security/2016/10/17/1
- http://www.openwall.com/lists/oss-security/2016/10/23/8
- http://www.openwall.com/lists/oss-security/2016/10/23/8
- http://www.securityfocus.com/bid/95864
- http://www.securityfocus.com/bid/95864
- https://github.com/mdadams/jasper/issues/30
- https://github.com/mdadams/jasper/issues/30