CVE-2016-9600
MEDIUMJasPer < 2.0.10 - Denial of Service via Null Pointer Dereference in JPEG 2000 Decoding
Title source: llmDescription
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1208
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1410026
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3693-1/
Scores
CVSS v3
6.5
EPSS
0.0151
EPSS Percentile
71.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (17)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
jasper_project/jasper
< 2.0.10
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server_aus
7.4
redhat/enterprise_linux_server_aus
7.6
redhat/enterprise_linux_server_eus
7.3
... and 7 more
Published
Mar 12, 2018
Tracked Since
Feb 18, 2026