CVE-2016-9398high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
References
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
http://www.openwall.com/lists/oss-security/2016/11/17/1
http://www.securityfocus.com/bid/94382
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
Details
Source: MITRE
Published: 2017-03-23
Updated: 2021-02-22
Type: CWE-617
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146125 | Fedora 32 : jasper (2021-0a6290f865) | Nessus | Fedora Local Security Checks | high |
| 145784 | Fedora 33 : jasper (2021-2b151590d9) | Nessus | Fedora Local Security Checks | high |
| 143883 | SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2020:2689-1) | Nessus | SuSE Local Security Checks | high |
| 143645 | SUSE SLES12 Security Update : jasper (SUSE-SU-2020:2690-1) | Nessus | SuSE Local Security Checks | high |
| 141151 | openSUSE Security Update : jasper (openSUSE-2020-1517) | Nessus | SuSE Local Security Checks | high |
| 141070 | openSUSE Security Update : jasper (openSUSE-2020-1523) | Nessus | SuSE Local Security Checks | high |
| 139830 | FreeBSD : jasper -- multiple vulnerabilities (6842ac7e-d250-11ea-b9b7-08002728f74c) | Nessus | FreeBSD Local Security Checks | high |
| 134477 | EulerOS Virtualization for ARM 64 3.0.2.0 : jasper (EulerOS-SA-2020-1188) | Nessus | Huawei Local Security Checks | high |
| 132133 | EulerOS 2.0 SP3 : jasper (EulerOS-SA-2019-2598) | Nessus | Huawei Local Security Checks | high |
| 131804 | EulerOS 2.0 SP5 : jasper (EulerOS-SA-2019-2530) | Nessus | Huawei Local Security Checks | high |
| 131643 | EulerOS 2.0 SP2 : jasper (EulerOS-SA-2019-2490) | Nessus | Huawei Local Security Checks | high |
| 99232 | SUSE SLES11 Security Update : jasper (SUSE-SU-2017:0946-1) | Nessus | SuSE Local Security Checks | high |
| 96400 | openSUSE Security Update : jasper (openSUSE-2017-70) | Nessus | SuSE Local Security Checks | high |
| 96387 | SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2017:0084-1) | Nessus | SuSE Local Security Checks | high |