Vulnerability Details : CVE-2016-9395
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-9395
Probability of exploitation activity in the next 30 days: 1.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 %
CVSS scores for CVE-2016-9395
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2016-9395
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9395
- https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
  jasper: multiple Assertion failure | agostino's blog (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html
  [security-announce] openSUSE-SU-2017:0101-1: important: Security update (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html
  [security-announce] SUSE-SU-2017:0084-1: important: Security update for (Third Party Advisory)
- http://www.securityfocus.com/bid/94376
  JasPer CVE-2016-9395 Assertion Failure Denial of Service Vulnerability (Mailing List; Third Party Advisory)
- https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
  The generation of the configuration file jas_config.h has been comple… · mdadams/jasper@d42b238 · GitHub (Issue Tracking; Patch; Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1396977
  1396977 – (CVE-2016-9395) CVE-2016-9395 jasper: reachable assertion failure in jas_seq2d_create() (Issue Tracking; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/11/17/1
  oss-security - Re: jasper: multiple assertion failures (Mailing List; Third Party Advisory)
Products affected by CVE-2016-9395
- cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*