CVE-2016-10249

Priority
Description
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer
before 1.900.12 allows remote attackers to have unspecified impact via a
crafted image file, which triggers a heap-based buffer overflow.
Notes
mdeslaurfixed in (1.900.1-debian1-2.4+deb8u3)
Package
Upstream:needs-triage
Ubuntu 16.04 ESM:released (1.900.1-debian1-2.4ubuntu1.1)
Ubuntu 14.04 ESM:DNE (trusty was released [1.900.1-14ubuntu3.4])
Patches:
Upstream:https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568
More Information

Updated: 2022-04-13 12:10:52 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)