CVE-2016-10251
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-10251
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10251.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-10251
- Downstream
- Related
- Published
- 2017-03-15T14:59:00Z
- Modified
- 2025-11-08T11:53:10.343483Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in the jpcpinextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
- References
-
- http://www.debian.org/security/2017/dsa-3827
- https://access.redhat.com/errata/RHSA-2017:1208
- https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/
- https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
- http://www.securityfocus.com/bid/97584
- https://www.oracle.com/security-alerts/cpuapr2020.html
Affected packages
Git / github.com/jasper-software/jasper
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jasper-software/jasper
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
mdadams-clang-issue
version-1.*
version-1.900.1
version-1.900.10
version-1.900.11
version-1.900.12
version-1.900.13
version-1.900.14
version-1.900.15
version-1.900.16
version-1.900.17
version-1.900.18
version-1.900.19
version-1.900.2
version-1.900.3
version-1.900.4
version-1.900.5
version-1.900.6
version-1.900.7
version-1.900.8
version-1.900.9
Database specific
vanir_signatures
[
{
"id": "CVE-2016-10251-8a4eeec1",
"source": "https://github.com/jasper-software/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/libjasper/jpc/jpc_t2cod.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"165689953799654249991137220875181468194",
"128971190599696607672004705790472716209",
"340013551664966253502468683426121265696",
"54483453896853610045188167776453057765",
"230607466615026152507314415710810724118",
"215780355437930395610316330135737118086",
"76677039805164506382714206428313615043",
"190294190935024944023803776371007662069",
"95017682708229379985934189969499943622",
"102421614951700700255535907653668747968",
"60940970347038936967896411632513501654",
"156589362343188982671514040987431434435",
"269892895408404178832435594858801455765",
"37277427703805217467199849257421117167",
"321288862409269540886715717266957502046",
"49240917719790187032713506394057185720"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2016-10251-f43c126b",
"source": "https://github.com/jasper-software/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/libjasper/jpc/jpc_t2cod.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"166258483757804546597924709934186133410",
"253977191309708165760353445946583975220",
"215713522158653146175348022674833104",
"220709798285471084325188469490273586505",
"205394709244452991880971703800148336896",
"133989717379470354156069765785412958800",
"125791006374783685188298402338964341779",
"74465330962049681432873469299347392530",
"7843754396697231044177593896039678262",
"102160566508520355425429414497908587278",
"255647365525158235923073766583428674446",
"133636838350246599771700794233977370781",
"84047886545597970108647430679865689940",
"34594557878918465565411771624183116896",
"331526609333454698491062761269168822536"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2016-10251-f715f06a",
"source": "https://github.com/jasper-software/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "jpc_pi_nextcprl",
"file": "src/libjasper/jpc/jpc_t2cod.c"
},
"digest": {
"length": 3042.0,
"function_hash": "4382887644061957087315080177743569799"
},
"signature_type": "Function"
}
]