CVE-2016-10250

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10250
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10250.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10250
Published
2017-03-15T14:59:00Z
Modified
2025-10-21T03:26:59.060470Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

Affected packages

Git / github.com/jasper-software/jasper

Affected ranges

Type
GIT
Repo
https://github.com/jasper-software/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/mdadams/jasper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

version-1.*

version-1.900.1
version-1.900.10
version-1.900.11
version-1.900.12
version-1.900.2
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8
version-1.900.9

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/jasper-software/jasper/commit/bdfe95a6e81ffb4b2fad31a76b57943695beed20",
        "signature_version": "v1",
        "target": {
            "file": "src/libjasper/jp2/jp2_cod.c",
            "function": "jp2_box_get"
        },
        "digest": {
            "length": 1575.0,
            "function_hash": "80911091394086827168572002575718765413"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2016-10250-310f9237"
    },
    {
        "source": "https://github.com/jasper-software/jasper/commit/bdfe95a6e81ffb4b2fad31a76b57943695beed20",
        "signature_version": "v1",
        "target": {
            "file": "src/libjasper/jp2/jp2_cod.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2016-10250-cf26dbcf"
    }
]