Vulnerability Details : CVE-2016-9398
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
Vulnerability category: Denial of service
Products affected by CVE-2016-9398
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9398
1.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9398
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-9398
-
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9398
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
[SECURITY] Fedora 33 Update: jasper-2.0.24-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
jasper: multiple Assertion failure | agostino's blogPatch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html
[security-announce] openSUSE-SU-2017:0101-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html
[security-announce] SUSE-SU-2017:0084-1: important: Security update forMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/11/17/1
oss-security - Re: jasper: multiple assertion failuresMailing List;Patch;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
[security-announce] openSUSE-SU-2020:1523-1: moderate: Security update fMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
[SECURITY] Fedora 32 Update: jasper-2.0.24-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
[security-announce] openSUSE-SU-2020:1517-1: moderate: Security update fMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1396980
1396980 – (CVE-2016-9398) CVE-2016-9398 jasper: reachable assertion in jpc_floorlog2()Issue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/94382
JasPer CVE-2016-9398 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to