QwikSec

Security Database

CVE

CWE

Training

CVE-2016-8884

Published: Mar 28, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2016-6c789ba91d

vendor-advisory

x_refsource_FEDORA

https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698

x_refsource_CONFIRM

FEDORA-2016-e0f0d48142

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_REDHAT

[oss-security] 20161022 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)

mailing-list

x_refsource_MLIST

[oss-security] 20161023 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1385499

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.