{"id":"CVE-2016-9388","details":"The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.","modified":"2026-04-16T06:16:22.830118976Z","published":"2017-03-23T18:59:00.617Z","related":["SUSE-SU-2017:1901-1","SUSE-SU-2017:1916-1","SUSE-SU-2018:0339-1","openSUSE-SU-2024:10869-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1208"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3693-1/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94371"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396962"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure"},{"type":"FIX","url":"https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/11/17/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"411a4068f8c464e883358bf403a3e25158863823"}]},{"type":"GIT","repo":"https://github.com/mdadams/jasper","events":[{"introduced":"0"},{"fixed":"393c8ea3226351a90f7235f751531b9987e2c9bd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.900.14"}]}}],"versions":["version-1.900.1","version-1.900.10","version-1.900.11","version-1.900.12","version-1.900.13","version-1.900.2","version-1.900.3","version-1.900.4","version-1.900.5","version-1.900.6","version-1.900.7","version-1.900.8","version-1.900.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9388.json","vanir_signatures_modified":"2026-04-11T05:01:05Z","vanir_signatures":[{"id":"CVE-2016-9388-17859c7b","source":"https://github.com/jasper-software/jasper/commit/411a4068f8c464e883358bf403a3e25158863823","signature_version":"v1","digest":{"function_hash":"4326666280842265771737010879183602531","length":1539},"signature_type":"Function","deprecated":false,"target":{"function":"ras_putdatastd","file":"src/libjasper/ras/ras_enc.c"}},{"id":"CVE-2016-9388-1e3c264d","source":"https://github.com/jasper-software/jasper/commit/411a4068f8c464e883358bf403a3e25158863823","signature_version":"v1","digest":{"function_hash":"217224089402127902904416981879277338988","length":1392},"signature_type":"Function","deprecated":false,"target":{"function":"ras_getdatastd","file":"src/libjasper/ras/ras_dec.c"}},{"id":"CVE-2016-9388-6bf58f9b","source":"https://github.com/jasper-software/jasper/commit/411a4068f8c464e883358bf403a3e25158863823","signature_version":"v1","digest":{"line_hashes":["53659357281548918127742944139080637283","286891561961926518406493249121473090682","154794224888586241900536961649065702","85571003986363167024054011278347598328","289588586700551889560108063917833858700","323096389606785836507951533014772620059","331250721560737013288205818233223280163","220096727491287864045251508733337175176","79638097542735873965743719723176432720","144967328717129571800289563033010939426","106877540812924657509657750928399447506","339520953095810544772704771367835393623","223953349391121924243272249251504994099","89338327804051189355471715267009408624","277625803969197945666522234833884920662","151262094977330752819058289035879019919","146372560686644230081230601944973725489","205002108355364679425932841235300664021","82151473694668183117239893568344356034","152309145503705180405932310026179243161","31409196555332830132988853168707081889","55102733759095824698273236528352140398","297874618812469061448918687087490655747","18654365882967278779802077507640555776","216941789385421273128249034056427630104","68593433344179191740725003398649441625","267913659552765024878214354910276079615","235398094437346625223812319212397158289","73526837072729803753243033942910679447","201360674891304459793107466926241999168","220552961578443097644345275365173599931"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"src/libjasper/ras/ras_dec.c"}},{"id":"CVE-2016-9388-7c6733f3","source":"https://github.com/jasper-software/jasper/commit/411a4068f8c464e883358bf403a3e25158863823","signature_version":"v1","digest":{"line_hashes":["241754114891874537510882021981748942001","285460334073855468342359717226364826298","121754193945818487680633886847437836578","48735061190839129613701611184120307777","228848454469032838259469864975853887179","337028391060517617631205798448277473962","22695060904505859637386331239130673207","253474485617551376364183216445940021407","186859720026561761619851353412311294389","73732101674289211854046765182680781478","248933620715626263949006694281788516427","43148976268928900917341664536495792905","239822462107666598848832912563358120241","66509362266196136551849314763713969425","295633295672442871400409696372572111505","228096352429827098316885067231035311107","41864093835788754485475233175174628097","243091332294058959003590911725846235114","40224467388834555286118472675311006061","231488899044503064546904012149763942844","112205914005914430817603012929156987933","82359053321361654806235746097144158860","152309145503705180405932310026179243161","124673822045896436558061083114544366746","76615455921349590519252997715774140421","56374544463080536824498508877445824187","204119314366249449601627053175245663837","216941789385421273128249034056427630104","221031101791803057255158542778818417580","24749078897521986687325642893497786832"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"src/libjasper/ras/ras_enc.c"}},{"id":"CVE-2016-9388-7f91ab9c","source":"https://github.com/jasper-software/jasper/commit/411a4068f8c464e883358bf403a3e25158863823","signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"function_hash":"314395388391711200231107958699316711865","length":950},"target":{"function":"ras_getcmap","file":"src/libjasper/ras/ras_dec.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}