CVE-2016-9398

Summary

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Impact & exploitability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://www.openwall.com/lists/oss-security/2016/11/17/1 ↗

Additional information

• NVD record
• http://www.openwall.com/lists/oss-security/2016/11/17/1Patch
• https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failurePatch
• https://bugzilla.redhat.com/show_bug.cgi?id=1396980Patch
• http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.htmlAdvisory
• http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.htmlAdvisory
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.htmlAdvisory
• http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.htmlAdvisory
• http://www.securityfocus.com/bid/94382Advisory