The jp2colrdestroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
[
{
"id": "CVE-2016-10250-310f9237",
"source": "https://github.com/jasper-software/jasper/commit/bdfe95a6e81ffb4b2fad31a76b57943695beed20",
"signature_version": "v1",
"digest": {
"length": 1575.0,
"function_hash": "80911091394086827168572002575718765413"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "jp2_box_get",
"file": "src/libjasper/jp2/jp2_cod.c"
}
},
{
"id": "CVE-2016-10250-cf26dbcf",
"source": "https://github.com/jasper-software/jasper/commit/bdfe95a6e81ffb4b2fad31a76b57943695beed20",
"signature_version": "v1",
"digest": {
"line_hashes": [
"168532928487672538407355996547311233470",
"190048877733282346187993799611062090676",
"173539845240277023997822140690932697188",
"127683532465109949820351605366215594061",
"149212198714581389734331933636264023938",
"98074816781760246314578676225405890354",
"72000784430460388509828811209919203016",
"33246360659536362071548195400351613146",
"221267666943798567501408066124259172212",
"116153230738338783067578281292722838017",
"13541560863955214287338678913694039442",
"140989689866164550154677147088727326606",
"141786596641179353215651568877520968982",
"43423404737713918887520911231091545759",
"262640914649492783853245428205104865780",
"215789881165227950497328351674334410933",
"217395596402717680167669236320136183342",
"292966492432959484216186320911375322903",
"253572479625376319375670813847331845903",
"45368478352233186049399829148546557582",
"211392459204369185126876091661119197977",
"301691064805476281422967457619633348267",
"335651721848836877870035788656564656045",
"90933794034054167616864166391476187165"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/libjasper/jp2/jp2_cod.c"
}
}
]