Your submission was sent successfully! Close

CVE-2016-10250

Published: 15 March 2017

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
jasper
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was released [1.900.1-14ubuntu3.5])
upstream Needs triage

xenial
Released (1.900.1-debian1-2.4ubuntu1.2)
yakkety Ignored
(reached end-of-life)
zesty Does not exist