{"id":"CVE-2017-6850","details":"The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.","modified":"2026-04-16T06:18:10.145809110Z","published":"2017-03-15T14:59:01.557Z","related":["SUSE-SU-2017:0946-1","SUSE-SU-2017:0953-1","openSUSE-SU-2024:10869-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/3693-1/"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/"},{"type":"FIX","url":"https://github.com/mdadams/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d"},{"type":"FIX","url":"https://github.com/mdadams/jasper/issues/112"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jasper-software/jasper","events":[{"introduced":"0"},{"fixed":"e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d"}]},{"type":"GIT","repo":"https://github.com/mdadams/jasper","events":[{"introduced":"0"},{"last_affected":"7692d6d1a0bfbd9a1d3f905337e3457cec39bced"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.12"}]}}],"versions":["mdadams-clang-issue","version-1.900.1","version-1.900.10","version-1.900.11","version-1.900.12","version-1.900.13","version-1.900.14","version-1.900.15","version-1.900.16","version-1.900.17","version-1.900.18","version-1.900.19","version-1.900.2","version-1.900.20","version-1.900.21","version-1.900.22","version-1.900.23","version-1.900.24","version-1.900.25","version-1.900.26","version-1.900.27","version-1.900.28","version-1.900.29","version-1.900.3","version-1.900.30","version-1.900.31","version-1.900.4","version-1.900.5","version-1.900.6","version-1.900.7","version-1.900.8","version-1.900.9","version-2.0.0","version-2.0.0-beta.1","version-2.0.0-beta.2","version-2.0.1","version-2.0.10","version-2.0.11","version-2.0.12","version-2.0.2","version-2.0.3","version-2.0.4","version-2.0.5","version-2.0.6","version-2.0.7","version-2.0.8","version-2.0.9"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"144199561992321904131029331202114660556","length":385},"signature_version":"v1","id":"CVE-2017-6850-0c7f50af","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_bpcc_getdata"},"signature_type":"Function","source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"digest":{"function_hash":"200879242925112360450879935629508607625","length":933},"signature_version":"v1","id":"CVE-2017-6850-1c25c849","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_pclr_getdata"},"signature_type":"Function","source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"signature_type":"Function","signature_version":"v1","id":"CVE-2017-6850-48e8f1fa","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_box_create"},"digest":{"function_hash":"290608737013309914155943867776775826666","length":324},"source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"signature_type":"Function","signature_version":"v1","id":"CVE-2017-6850-529e6565","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_cmap_getdata"},"digest":{"function_hash":"124477488905963579930346530371732892467","length":499},"source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"digest":{"function_hash":"287330774655210398704798493096089674358","length":516},"signature_version":"v1","id":"CVE-2017-6850-6bae9c0d","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_cdef_getdata"},"signature_type":"Function","source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"digest":{"function_hash":"50465563369929635504376349775961532487","length":867},"signature_version":"v1","id":"CVE-2017-6850-98029fd3","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_box_put"},"signature_type":"Function","source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"digest":{"line_hashes":["253893826491980662722596097086461108668","206464271775047721251230350270443006218","171967575788846005050493880481656616337","77063531980862491501634740297134338610","140647292211198145036485160454736531035","86523989627858271736176870890663776963","68110972266711325502782313339676010623","70415572276348125691580810599837076741","194203646184139544156567291721325612370","54175744331686108583557154689490418723","26440966241012257493335620833337799887","100016085184924812712673588833577811656","206440465464689041882836710841694006360","168532928487672538407355996547311233470","190048877733282346187993799611062090676","173539845240277023997822140690932697188","127683532465109949820351605366215594061","149212198714581389734331933636264023938","124495268798490832894571253019832602464","107518080911473992862346913865786035915","124490915317682306619915354883621969500","304632023682556770168100715491974586766","104025341730808339859567883294565073259","108628265058401992128665967293875959324","155643897380841565423594715170286861932","74593364960095622763568190633852895030","327435674139766922441954501415498901318","16893371897939228305485913135354980300","8328176937960361933320750682320206987","314022504441763256462709918126856408984","41607914288708451776284819274200504348","235569637212340313735330871983688601454","161823588306003748618458472024050181997","42737329892186222386554769192145404384","56406427253962332038284454482259795201","241393276084603933239448713950900416711","258273499168881940861364598995513532410","227235600696582958654945498725231752085","92839117244355531051117937592726226057","329371050944717764049511458330887790751","21752628384590296654000304103847782240","255810372793996734764319979657193943374","192772449230475675100929165155375461043","129031750809906145424543005593497715830","250538932145504851679641380774852573731","207834981976230856473317238831044437464","262929915635026479872732433940233477638","40626572053593660088241248108331217425","225216360710696166128706454305316377198","115646952331238502172641892037542531959"],"threshold":0.9},"signature_version":"v1","id":"CVE-2017-6850-a9511cd5","target":{"file":"src/libjasper/jp2/jp2_cod.c"},"signature_type":"Line","source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false},{"digest":{"function_hash":"255516413520504555572486219663977560868","length":1536},"signature_version":"v1","id":"CVE-2017-6850-f17da4ec","target":{"file":"src/libjasper/jp2/jp2_cod.c","function":"jp2_box_get"},"signature_type":"Function","source":"https://github.com/jasper-software/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d","deprecated":false}],"vanir_signatures_modified":"2026-04-11T04:59:50Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6850.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}