libjasper.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a jpc file to the jpc_dequantize
function in jpc_dec.c
to cause an assertion failure that can crash the application. This issue was also given CVE-2016-9397
.
CPE | Name | Operator | Version |
---|---|---|---|
libjasper.so | eq | 1.0.0 |
www.securityfocus.com/bid/100514
bugzilla.redhat.com/show_bug.cgi?id=1485276
github.com/mdadams/jasper/issues/56
lists.fedoraproject.org/archives/list/[email protected]/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
lists.fedoraproject.org/archives/list/[email protected]/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
nvd.nist.gov/vuln/detail/CVE-2016-9397
security.gentoo.org/glsa/201908-03