Vulnerability Details CVE-2016-1867
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://www.debian.org/security/2017/dsa-3785
- http://www.openwall.com/lists/oss-security/2016/01/13/2
- http://www.openwall.com/lists/oss-security/2016/01/13/6
- http://www.securityfocus.com/bid/81488
- https://access.redhat.com/errata/RHSA-2017:1208
- http://www.debian.org/security/2017/dsa-3785
- http://www.openwall.com/lists/oss-security/2016/01/13/2
- http://www.openwall.com/lists/oss-security/2016/01/13/6
- http://www.securityfocus.com/bid/81488
- https://access.redhat.com/errata/RHSA-2017:1208
Products affected by CVE-2016-1867
-
cpe:2.3:a:jasper_project:jasper:1.900.1