CVE-2016-9390

Published: 23 March 2017

The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
jasper
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.900.1-debian1-2.4ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.900.1-14ubuntu3.5])
Patches:
Upstream: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865