CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
jasper_projectjasper
𝑥
< 2.0.12
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jasper
zesty
dne
yakkety
Fixed 1.900.1-debian1-2.4+deb8u3build0.16.10.1
released
xenial
Fixed 1.900.1-debian1-2.4ubuntu1.1
released
trusty
Fixed 1.900.1-14ubuntu3.4
released
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94952
https://access.redhat.com/errata/RHSA-2017:1208
https://bugzilla.redhat.com/show_bug.cgi?id=1406405
https://security.gentoo.org/glsa/201707-07
https://www.debian.org/security/2017/dsa-3827
http://www.securityfocus.com/bid/94952
https://access.redhat.com/errata/RHSA-2017:1208
https://bugzilla.redhat.com/show_bug.cgi?id=1406405
https://security.gentoo.org/glsa/201707-07
https://www.debian.org/security/2017/dsa-3827