CVE-2016-9396 : The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.

Published 2017-03-23 18:59:01

Updated 2021-02-03 04:15:13

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-9396

Jasper Project » Jasper
Versions up to, including, (<=) 1.900.11
cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-9396

EPSS FAQ

2.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-9396

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2016-9396

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/

[SECURITY] Fedora 33 Update: jasper-2.0.24-1.fc33 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:3253

RHSA-2018:3253 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

jasper: multiple Assertion failure | agostino's blog
Patch;Third Party Advisory;VDB Entry

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1396978

1396978 – (CVE-2016-9396) CVE-2016-9396 jasper: reachable assertion in JPC_NOMINALGAIN()
Issue Tracking;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2018:3505

RHSA-2018:3505 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://usn.ubuntu.com/3693-1/

USN-3693-1: JasPer vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1485272

1485272 – There is a reachable assertion abort in function JPC_NOMINALGAIN() of JasPer that will lead to remote denial of service attack.
http://www.openwall.com/lists/oss-security/2016/11/17/1

oss-security - Re: jasper: multiple assertion failures
Mailing List;VDB Entry

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00004.html

[security-announce] openSUSE-SU-2019:1315-1: moderate: Security update f

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/

[SECURITY] Fedora 32 Update: jasper-2.0.24-1.fc32 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
http://www.securityfocus.com/bid/94379

JasPer CVE-2016-9396 Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2016-9396

Products affected by CVE-2016-9396

Exploit prediction scoring system (EPSS) score for CVE-2016-9396

CVSS scores for CVE-2016-9396

References for CVE-2016-9396