CVE-2016-2089

Published: 08 February 2016

The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
jasper
Launchpad, Ubuntu, Debian
Upstream
Released (1.900.1-debian1-2.4+deb8u1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.900.1-debian1-2.4ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.900.1-14ubuntu3.4])
Patches:
Upstream: https://github.com/mdadams/jasper/commit/c87ad330a8b8d6e5eb0065675601fdfae08ebaab