The jp2colrdestroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "23"
},
{
"last_affected": "23"
},
{
"introduced": "24"
},
{
"last_affected": "24"
}
],
"source": "CPE_STRING",
"vendor_product": "fedoraproject:fedora"
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.900.9"
}
],
"cpe": "cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}"2026-07-08T12:41:55Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8887.json"
[
{
"signature_type": "Line",
"target": {
"file": "src/libjasper/jp2/jp2_dec.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"50701667098450232897669611192440229775",
"338076433796758030512808625302044573068",
"324309987570099149972494763007595930763",
"224182038965493698539519420357645987232"
],
"threshold": 0.9
},
"id": "CVE-2016-8887-9d409d97",
"source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "src/libjasper/jp2/jp2_dec.c",
"function": "jp2_decode"
},
"deprecated": false,
"digest": {
"length": 7288.0,
"function_hash": "319618119064158989381023722366510105818"
},
"id": "CVE-2016-8887-bafe3d72",
"source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "src/libjasper/jp2/jp2_cod.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"221267666943798567501408066124259172212",
"208160112183049958527465613144070537871",
"116037558554707769102437633966911769677",
"262463792489045736920271914399257841767",
"69777698812558398975421155251324740271",
"129362356682636422634674043527455250059",
"28176063121865665378654204168561871458",
"332418229748532078438734901431071398185"
],
"threshold": 0.9
},
"id": "CVE-2016-8887-cbb81028",
"source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "src/libjasper/jp2/jp2_cod.c",
"function": "jp2_box_get"
},
"deprecated": false,
"digest": {
"length": 1388.0,
"function_hash": "14110781456049632284308564067589629719"
},
"id": "CVE-2016-8887-ef9beab2",
"source": "https://github.com/jasper-software/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d",
"signature_version": "v1"
}
]