{"id":"CVE-2016-9262","details":"Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.","modified":"2026-04-01T23:55:45.498261Z","published":"2017-03-23T18:59:00.350Z","related":["MGASA-2017-0474","SUSE-SU-2017:1901-1","SUSE-SU-2017:1916-1","SUSE-SU-2018:0339-1","openSUSE-SU-2024:10869-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/3693-1/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/11/10/4"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94224"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1208"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201707-07"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1393882"},{"type":"FIX","url":"https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"634ce8e8a5accc0fa05dd2c20d42b4749d4b2735"}]},{"type":"GIT","repo":"https://github.com/mdadams/jasper","events":[{"introduced":"0"},{"last_affected":"5fffc5002af3d1183c1e4e50e069b4a0180de9a8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.900.21"}]}}],"versions":["mdadams-clang-issue","version-1.900.1","version-1.900.10","version-1.900.11","version-1.900.12","version-1.900.13","version-1.900.14","version-1.900.15","version-1.900.16","version-1.900.17","version-1.900.18","version-1.900.19","version-1.900.2","version-1.900.20","version-1.900.21","version-1.900.3","version-1.900.4","version-1.900.5","version-1.900.6","version-1.900.7","version-1.900.8","version-1.900.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9262.json","vanir_signatures":[{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/include/jasper/jas_stream.h"},"digest":{"threshold":0.9,"line_hashes":["219724719990652264889628271608876014598","118357592843772031776422445580785530354","310586534175906227483175714422220090361","183667670041666856068458692903330977650","32432434967389144469594513051290254616","149499721006600695385588556943438122304","116009489345788889515150588328370174143"]},"signature_type":"Line","id":"CVE-2016-9262-0cb43208"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c","function":"mem_write"},"digest":{"function_hash":"107365459055405317809086758026668971025","length":1214},"signature_type":"Function","id":"CVE-2016-9262-116a56e0"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c","function":"jas_stream_gobble"},"digest":{"function_hash":"306249751145395822357481133631806382195","length":192},"signature_type":"Function","id":"CVE-2016-9262-31c317cd"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_image.c"},"digest":{"threshold":0.9,"line_hashes":["120293285447863782994410019962557978870","175866128817032302889822694878780095425","11309053317658463145195600339472461622","95282903951730026644386389065917975282"]},"signature_type":"Line","id":"CVE-2016-9262-46a99910"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/include/jasper/jas_debug.h"},"digest":{"threshold":0.9,"line_hashes":["198016580937250085661400254721907925877","74977991203059858676247979542269997394","28414307166618861384685792422155039532"]},"signature_type":"Line","id":"CVE-2016-9262-49a8c5d7"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c"},"digest":{"threshold":0.9,"line_hashes":["318058704784137261778353391132265888292","121859094996257706222624047863020389700","95112315334303378708601303427639806391","1169363991345786512976083530781633520","38105903932713202247675469455018481633","127107462986842405834283876229869721736","288489433665156828298277767155033594753","182363861686656335653834784039274986720","267500409142905049773585574842340849649","157389854956232376956932457410759730506","132746329559886733339644852645316792476","298489451390871533712167616866457124495","228487709909153299239151026632638455027","43676874433392929830526152710121404460","248085734641025010408105353823158221277","213526631310549727030056512551189842674","217350954414303395373204088737546629171","163875592641492836341430872516405121214","248085734641025010408105353823158221277","21968914452513929748931956606633778174","325155387619586168378383237146475671517","332358959453952743576446767128925725711","228425453855918294439283761078357875596","333789126061841303577183476379595498088","335187877480414143385042983283458239460","323151671391306774399281415437207046782","59702850803853142551966765801454093124","286883729491788700503570314797927362150","163706843128128951283255948786281900945","116087350261429896912767824483300282634","55773590819217296651919556365457123117","20278755280031648724823858678384118816","221471483590746626467946147905170847666","258492972875782240454643932959359523253","177132024126956043219203108659884259583","237971912953420006931115647071568697551","202951835245307066866641115807475744563","209763680972349204659354815788944834632","525979416025719320450975315810310702","70970118484156658674434464834437885662","338155506006494282656612890029877348562","47089471943668842137288540501374631436","53089760338726211053781367864998923929","116778007951636609886675548948884673760","115511691787180364336348658761487703397","80103926750283754566728194084174213917","269202434169252821684756510798885812227","101161000978058270994213333980107717953","265546185880268898552921676461601074166","245554665737767739657342202225851358941","19644029247338431082099547789508282293","299665350200214706984293930710102463250","320403903476001421447510606174509992392","93472632449288801190831574306251527710"]},"signature_type":"Line","id":"CVE-2016-9262-7025dfac"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c","function":"jas_stream_read"},"digest":{"function_hash":"336961532597015522390015666127249129953","length":253},"signature_type":"Function","id":"CVE-2016-9262-76d799ee"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c","function":"jas_stream_pad"},"digest":{"function_hash":"124570874082151535827709451320174503838","length":210},"signature_type":"Function","id":"CVE-2016-9262-849d211d"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c","function":"jas_stream_write"},"digest":{"function_hash":"254384913492403561667907704492868260123","length":243},"signature_type":"Function","id":"CVE-2016-9262-9abe70d0"},{"source":"https://github.com/jasper-software/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735","signature_version":"v1","deprecated":false,"target":{"file":"src/libjasper/base/jas_stream.c","function":"mem_resize"},"digest":{"function_hash":"314134384356235645966067672322173596306","length":452},"signature_type":"Function","id":"CVE-2016-9262-b33a0b34"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}