CVE-2016-10251 in Ubuntu

CVE-2016-10251

Priority

Description

Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer
before 1.900.20 allows remote attackers to have unspecified impact via a
crafted file, which triggers use of an uninitialized value.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10251
http://www.openwall.com/lists/oss-security/2016/11/04/11
https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/
https://ubuntu.com/security/notices/USN-3295-1

Bugs

https://github.com/mdadams/jasper/issues/75

Notes

mdeslaur

fixed in (1.900.1-debian1-2.4+deb8u3)

Package

Source: jasper (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 16.04 ESM:	released (1.900.1-debian1-2.4ubuntu1.1)
Ubuntu 14.04 ESM:	DNE (trusty was released [1.900.1-14ubuntu3.4])

Patches:

Upstream:

https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387

More Information

Updated: 2022-04-13 12:10:53 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)