Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
[
{
"source": "https://github.com/jasper-software/jasper/commit/44a524e367597af58d6265ae2014468b334d0309",
"target": {
"file": "src/libjasper/base/jas_stream.c"
},
"id": "CVE-2016-8693-06c10e52",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"319348426176898312395762141354413540855",
"212237252549174315940848886191493667447",
"83188621114365130340234383120782591168",
"261974774951400936541731396934200432721",
"313915629148189820745358666201995060165",
"332889218530253578131851361112756377674"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/jasper-software/jasper/commit/44a524e367597af58d6265ae2014468b334d0309",
"target": {
"function": "mem_resize",
"file": "src/libjasper/base/jas_stream.c"
},
"id": "CVE-2016-8693-d2a394cf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "234442291615711478744387203658053122596",
"length": 295.0
}
}
]