Vulnerability Details CVE-2016-9398
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
- http://www.openwall.com/lists/oss-security/2016/11/17/1
- http://www.securityfocus.com/bid/94382
- https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
- https://bugzilla.redhat.com/show_bug.cgi?id=1396980
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
- http://www.openwall.com/lists/oss-security/2016/11/17/1
- http://www.securityfocus.com/bid/94382
- https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
- https://bugzilla.redhat.com/show_bug.cgi?id=1396980
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
Products affected by CVE-2016-9398
-
cpe:2.3:a:jasper_project:jasper:-
-
cpe:2.3:a:jasper_project:jasper:1.900.1
-
cpe:2.3:a:jasper_project:jasper:1.900.10
-
cpe:2.3:a:jasper_project:jasper:1.900.11
-
cpe:2.3:a:jasper_project:jasper:1.900.12
-
cpe:2.3:a:jasper_project:jasper:1.900.13
-
cpe:2.3:a:jasper_project:jasper:1.900.14
-
cpe:2.3:a:jasper_project:jasper:1.900.15
-
cpe:2.3:a:jasper_project:jasper:1.900.16
-
cpe:2.3:a:jasper_project:jasper:1.900.2
-
cpe:2.3:a:jasper_project:jasper:1.900.3
-
cpe:2.3:a:jasper_project:jasper:1.900.4
-
cpe:2.3:a:jasper_project:jasper:1.900.5
-
cpe:2.3:a:jasper_project:jasper:1.900.6
-
cpe:2.3:a:jasper_project:jasper:1.900.7
-
cpe:2.3:a:jasper_project:jasper:1.900.8
-
cpe:2.3:a:jasper_project:jasper:1.900.9
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2
-
cpe:2.3:o:opensuse:leap:42.1
-
cpe:2.3:o:opensuse:leap:42.2
-
cpe:2.3:o:suse:linux_enterprise_desktop:12
-
cpe:2.3:o:suse:linux_enterprise_server:12
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12