CVE-2016-8884

Priority
Medium
Description
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5
allows remote attackers to cause a denial of service (NULL pointer
dereference) by calling the imginfo command with a crafted BMP image. NOTE:
this vulnerability exists because of an incomplete fix for CVE-2016-8690.
References
Bugs
Notes
 sbeattie> reproducer in bug report
 mdeslaur> Incomplete fix for CVE-2016-8690
Package
Upstream: released (1.900.9)
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): DNE
Patches:
Upstream: https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
More Information

Updated: 2017-10-23 12:27:30 UTC (commit 13562)