CVE-2016-10248

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10248
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10248.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10248
Downstream
Related
Published
2017-03-15T14:59:00Z
Modified
2025-10-14T15:21:20.892852Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The jpctsfbsynthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

References

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type
GIT
Repo
https://github.com/jasper-software/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2e82fa00466ae525339754bb3ab0a0474a31d4bd
Type
GIT
Repo
https://github.com/mdadams/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

version-1.*

version-1.900.1
version-1.900.2
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/libjasper/include/jasper/jas_seq.h"
            },
            "signature_type": "Line",
            "source": "https://github.com/jasper-software/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "19490677935018637347362985802424641559",
                    "336585047646684351237561482554012619204",
                    "332489675999361250825695787902589851609",
                    "176365517570995130166562608879835636437",
                    "204133425909586796962148635295946243285",
                    "306513657856478761071854638059995619664",
                    "209508161927417262742965921339316924068"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-10248-1b38834e"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "jpc_undo_roi",
                "file": "src/libjasper/jpc/jpc_dec.c"
            },
            "signature_type": "Function",
            "source": "https://github.com/jasper-software/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd",
            "deprecated": false,
            "digest": {
                "length": 794.0,
                "function_hash": "300009143571302029714413275190333053047"
            },
            "id": "CVE-2016-10248-88bc18b5"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/libjasper/jpc/jpc_dec.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/jasper-software/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "312046892942525334833231597288904871208",
                    "331483401292352016434812509318039800294",
                    "339418996086357033761368163352010004758",
                    "297747516350643429271873413311506903807",
                    "308788279227875488471386197637205321117",
                    "100060094183052737176262676252191764283",
                    "177400214351083848424278930681593531922"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-10248-d79a5658"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/libjasper/jpc/jpc_tsfb.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/jasper-software/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "119123647092762913742815363730060137518",
                    "133732635935258826261011538303425761496",
                    "117654475021229491682697825348655190972",
                    "148942844950794296650273566861507259549"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-10248-dfefac93"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/libjasper/include/jasper/jas_math.h"
            },
            "signature_type": "Line",
            "source": "https://github.com/jasper-software/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "41318202135477798845071348004250639885",
                    "124617717506131243092864552019875925200",
                    "203778577402385495315866169931701378808"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-10248-fcabd592"
        }
    ]
}