{"id":"CVE-2016-10251","details":"Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.","modified":"2026-04-16T06:17:30.802057433Z","published":"2017-03-15T14:59:00.387Z","related":["SUSE-SU-2017:0946-1","SUSE-SU-2017:0953-1","openSUSE-SU-2024:10869-1"],"references":[{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/97584"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1208"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3827"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/"},{"type":"FIX","url":"https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"1f0dfe5a42911b6880a1445f13f6d615ddb55387"}]},{"type":"GIT","repo":"https://github.com/mdadams/jasper","events":[{"introduced":"0"},{"last_affected":"862ba25d9b17858a9855b5436446a615f2f012ee"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.900.19"}]}}],"versions":["mdadams-clang-issue","version-1.900.1","version-1.900.10","version-1.900.11","version-1.900.12","version-1.900.13","version-1.900.14","version-1.900.15","version-1.900.16","version-1.900.17","version-1.900.18","version-1.900.19","version-1.900.2","version-1.900.3","version-1.900.4","version-1.900.5","version-1.900.6","version-1.900.7","version-1.900.8","version-1.900.9"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/libjasper/jpc/jpc_t2cod.h"},"digest":{"threshold":0.9,"line_hashes":["165689953799654249991137220875181468194","128971190599696607672004705790472716209","340013551664966253502468683426121265696","54483453896853610045188167776453057765","230607466615026152507314415710810724118","215780355437930395610316330135737118086","76677039805164506382714206428313615043","190294190935024944023803776371007662069","95017682708229379985934189969499943622","102421614951700700255535907653668747968","60940970347038936967896411632513501654","156589362343188982671514040987431434435","269892895408404178832435594858801455765","37277427703805217467199849257421117167","321288862409269540886715717266957502046","49240917719790187032713506394057185720"]},"signature_type":"Line","id":"CVE-2016-10251-8a4eeec1","source":"https://github.com/jasper-software/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387","deprecated":false,"signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["166258483757804546597924709934186133410","253977191309708165760353445946583975220","215713522158653146175348022674833104","220709798285471084325188469490273586505","205394709244452991880971703800148336896","133989717379470354156069765785412958800","125791006374783685188298402338964341779","74465330962049681432873469299347392530","7843754396697231044177593896039678262","102160566508520355425429414497908587278","255647365525158235923073766583428674446","133636838350246599771700794233977370781","84047886545597970108647430679865689940","34594557878918465565411771624183116896","331526609333454698491062761269168822536"]},"signature_type":"Line","id":"CVE-2016-10251-f43c126b","source":"https://github.com/jasper-software/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387","deprecated":false,"target":{"file":"src/libjasper/jpc/jpc_t2cod.c"}},{"target":{"file":"src/libjasper/jpc/jpc_t2cod.c","function":"jpc_pi_nextcprl"},"digest":{"length":3042,"function_hash":"4382887644061957087315080177743569799"},"signature_type":"Function","source":"https://github.com/jasper-software/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387","id":"CVE-2016-10251-f715f06a","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10251.json","vanir_signatures_modified":"2026-04-11T03:43:36Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}