Lucene search

PRIOn knowledge basePRION:CVE-2016-9399

HistoryMar 23, 2017 - 6:59 p.m.

Command injection

2017-03-2318:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

CPENameOperatorVersion
fedoraeq32
fedoraeq33
jaspereq1.900.22
leapeq15.1
leapeq15.2

Name	Operator	Version
fedora	eq	32
fedora	eq	33
jasper	eq	1.900.22
leap	eq	15.1
leap	eq	15.2

References

lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html

www.openwall.com/lists/oss-security/2016/11/17/1

www.securityfocus.com/bid/94380

blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

bugzilla.redhat.com/show_bug.cgi?id=1396981

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/