CVE-2016-8886

Published: 23 March 2017

The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

Priority

Low

CVSS 3 base score: 7.8

Status

Package: jasper (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)   Does not exist
Ubuntu 16.04 ESM (Xenial Xerus)    Ignored
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist (trusty was ignored)

Patches:
Upstream: https://github.com/mdadams/jasper/commit/65536647d380571d1a9a6c91fa03775fb5bbd256

Notes

Author: mdeslaur
Note: Upstream fix adds experimental memory allocator. Not suitable for backporting to stable releases. No viable fix as of 2019-01-17, but the memory allocation is handled gracefully, so the security impact is minimal. We will not be fixing this issue. Marking as ignored.
