CVE-2016-1867 in Ubuntu

CVE-2016-1867

Priority

Description

The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to
cause a denial of service (out-of-bounds read and application crash) via a
crafted JPEG 2000 image.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1867
http://seclists.org/oss-sec/2016/q1/84
https://ubuntu.com/security/notices/USN-3295-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811023

Notes

mdeslaur

fixed in (1.900.1-debian1-2.4+deb8u2)

Package

Source: jasper (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 16.04 ESM:	released (1.900.1-debian1-2.4ubuntu1.1)
Ubuntu 14.04 ESM:	DNE (trusty was released [1.900.1-14ubuntu3.4])
Ubuntu 20.04 FIPS Compliant:	DNE

Patches:

Upstream:

https://github.com/mdadams/jasper/commit/980da43d8d388a67cac505e734423b2a5aa4cede

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 12:12:37 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)