CVE-2016-8887

The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
References
Link Resource
http://www.openwall.com/lists/oss-security/2016/10/23/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/23/6 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/93835 Third Party Advisory VDB Entry
https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1388828 Issue Tracking Third Party Advisory
https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d Issue Tracking Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://usn.ubuntu.com/3693-1/
http://www.openwall.com/lists/oss-security/2016/10/23/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/23/6 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/93835 Third Party Advisory VDB Entry
https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1388828 Issue Tracking Third Party Advisory
https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d Issue Tracking Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
https://usn.ubuntu.com/3693-1/
Configurations

Configuration 1 (hide)

cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

History

21 Nov 2024, 03:00

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2016/10/23/3 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/10/23/3 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2016/10/23/6 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/10/23/6 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/93835 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/93835 - Third Party Advisory, VDB Entry
References () https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c - Third Party Advisory () https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1388828 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1388828 - Issue Tracking, Third Party Advisory
References () https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d - Issue Tracking, Patch, Vendor Advisory () https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d - Issue Tracking, Patch, Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/ -
References () https://usn.ubuntu.com/3693-1/ - () https://usn.ubuntu.com/3693-1/ -

Information

Published : 2017-03-23 18:59

Updated : 2024-11-21 03:00


NVD link : CVE-2016-8887

Mitre link : CVE-2016-8887

CVE.ORG link : CVE-2016-8887


JSON object : View

Products Affected

fedoraproject

  • fedora

jasper_project

  • jasper
CWE
CWE-476

NULL Pointer Dereference