NULL pointer dereference in JasPer - CVE-2016-9600
Published: March 14, 2018 / Updated: March 20, 2018
Vulnerability identifier: #VU11071
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-9600
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: The JasPer Project
Affected software:
JasPer
JasPer
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the JP2 encoder feature due to NULL pointer dereference when processing crafted JPEG 2000 image files. A remote attacker can send a specially crafted JPEG 2000 image file with an application, trick the victim into opening it, trigger memory corruption and cause the service to crash.
The weakness exists in the JP2 encoder feature due to NULL pointer dereference when processing crafted JPEG 2000 image files. A remote attacker can send a specially crafted JPEG 2000 image file with an application, trick the victim into opening it, trigger memory corruption and cause the service to crash.
How to mitigate CVE-2016-9600
Update to version 2.0.10.