Vulnerability Details : CVE-2016-8886
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
Vulnerability category: Overflow
Products affected by CVE-2016-8886
- cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8886
1.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8886
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-8886
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8886
-
http://www.openwall.com/lists/oss-security/2016/10/25/11
oss-security - Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1388880
1388880 – (CVE-2016-8886) CVE-2016-8886 jasper: no upper limit on memory allocations in jas_malloc()Issue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/93839
JasPer CVE-2016-8886 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
jasper: memory allocation failure in jas_malloc (jas_malloc.c) | agostino's blogThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
[SECURITY] Fedora 23 Update: jasper-1.900.13-1.fc23 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
[SECURITY] Fedora 24 Update: jasper-1.900.13-1.fc24 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/10/23/2
oss-security - Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)Mailing List;Third Party Advisory
Jump to