Candidate: CVE-2016-4425
PublicDate: 2016-05-17 14:08:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4425
 https://github.com/akheron/jansson/issues/282
 http://www.openwall.com/lists/oss-security/2016/05/01/5
Description:
 Jansson 2.7 and earlier allows context-dependent attackers to cause a
 denial of service (deep recursion, stack consumption, and crash) via
 crafted JSON data.
Ubuntu-Description:
 It was discovered that Jansson incorrectly handled certain JSON files. An
 attacker could possibly use this issue to cause a denial of service.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_jansson:
upstream_jansson: needs-triage
precise_jansson: ignored (reached end-of-life)
precise/esm_jansson: DNE (precise was needs-triage)
trusty_jansson: released (2.5-2ubuntu0.1)
trusty/esm_jansson: DNE (trusty was released [2.5-2ubuntu0.1])
vivid/stable-phone-overlay_jansson: DNE
vivid/ubuntu-core_jansson: DNE
wily_jansson: ignored (reached end-of-life)
xenial_jansson: released (2.7-3ubuntu0.1)
esm-infra/xenial_jansson: released (2.7-3ubuntu0.1)
yakkety_jansson: ignored (reached end-of-life)
zesty_jansson: ignored (reached end-of-life)
artful_jansson: ignored (reached end-of-life)
bionic_jansson: not-affected (2.9-1)
devel_jansson: not-affected (2.9-1)