Vulnerability Name: CVE-2016-9397 (CCN-123691)

Assigned: 2016-11-17
Published: 2017-03-23
Updated: 2021-02-22
Summary: The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete

Vulnerability Type: CWE-617
Vulnerability Consequences: Denial of Service

References:
Source: MITRE
Type: CNA
CVE-2016-9397

Source: CCN
Type: oss-sec Mailing List, Thu, 17 Nov 2016 02:56:39 -0500
Re: jasper: multiple assertion failures

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory, VDB Entry
[oss-security] 20161117 Re: jasper: multiple assertion failures

Source: BID
Type: Third Party Advisory, VDB Entry
94373

Source: CCN
Type: BID-94373
JasPer CVE-2016-9397 Denial of Service Vulnerability

Source: MISC
Type: Third Party Advisory
https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1396979

Source: XF
Type: UNKNOWN
jasper-cve20169397-dos(123691)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-0a6290f865

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2b151590d9

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-9397

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:jasper_project:jasper:1.900.13:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:jasper_project:jasper:1.900.13:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20169397
    V
    CVE-2016-9397
    2022-09-02
    oval:org.opensuse.security:def:30172
    P
    Security update for apache2 (Important)
    2022-01-12
    oval:org.opensuse.security:def:33758
    P
    Security update for xorg-x11-server (Important)
    2021-12-20
    oval:org.opensuse.security:def:30279
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:34000
    P
    Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:23699
    P
    Security update for binutils (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:33037
    P
    Security update for tomcat (Important)
    2021-11-03
    oval:org.opensuse.security:def:30260
    P
    Security update for qemu (Important)
    2021-10-28
    oval:org.opensuse.security:def:61566
    P
    libqpdf21-8.0.2-1.5 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:23653
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:30117
    P
    Security update for openssl (Important)
    2021-08-24
    oval:org.opensuse.security:def:23953
    P
    Security update for java-1_8_0-openjdk (Important)
    2021-08-20
    oval:org.opensuse.security:def:32980
    P
    Security update for spice-vdagent (Moderate)
    2021-08-17
    oval:org.opensuse.security:def:46994
    P
    libXi6-1.7.4-9.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46931
    P
    e2fsprogs-1.42.11-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47785
    P
    libsoup-2_4-1-2.62.2-5.7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47732
    P
    libksba8-1.3.0-23.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47094
    P
    libvorbis-doc-1.3.3-8.23 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47025
    P
    libgssglue1-0.4-3.76 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46915
    P
    cups-1.7.5-12.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:62766
    P
    libSDL-1_2-0-1.2.15-3.12.73 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62728
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62815
    P
    libsrtp2-1-2.2.0-1.34 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62089
    P
    graphite2-devel-1.3.11-2.12 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:30221
    P
    Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:45914
    P
    Security update for libgcrypt (Important)
    2021-06-18
    oval:org.opensuse.security:def:46347
    P
    Security update for xterm (Important)
    2021-06-14
    oval:org.opensuse.security:def:46864
    P
    vsftpd-3.0.2-24.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46870
    P
    xdg-utils-20140630-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46788
    P
    libyaml-0-2-0.1.6-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46577
    P
    squidGuard-1.4-23.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61295
    P
    libudisks2-0-2.6.5-1.47 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46435
    P
    gv-3.7.4-1.36 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61129
    P
    bash-4.4-7.14 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:62865
    P
    ocaml-libguestfs-devel-1.38.0-3.52 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:23583
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:23906
    P
    Security update for curl (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:24041
    P
    Security update for wavpack (Important)
    2021-03-24
    oval:org.opensuse.security:def:23764
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:24029
    P
    Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:33086
    P
    Security update for ImageMagick (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:61107
    P
    Security update for ImageMagick (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:28940
    P
    Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:61106
    P
    Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:33911
    P
    Security update for dnsmasq (Important)
    2021-01-19
    oval:org.opensuse.security:def:29964
    P
    Security update for clamav (Important)
    2020-12-22
    oval:org.opensuse.security:def:33622
    P
    Security update for openssl-1_1 (Important)
    2020-12-10
    oval:org.opensuse.security:def:34328
    P
    Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:32824
    P
    Security update for xen (Important)
    2020-12-07
    oval:org.opensuse.security:def:61884
    P
    libsoup-2_4-1-2.68.3-2.32 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61757
    P
    graphite2-devel-1.3.11-2.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62636
    P
    gnome-shell-3.34.4+4-1.58 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62535
    P
    libSDL-1_2-0-1.2.15-3.9.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62898
    P
    dpkg-1.19.0.4-2.30 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62407
    P
    gcab-1.1-1.15 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:29821
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29817
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:24398
    P
    Security update for libqt5-qtbase (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24715
    P
    Security update for xerces-c (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18209
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:45222
    P
    Security update for postgresql96 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34372
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28431
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18424
    P
    Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:24804
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:23414
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32680
    P
    gtk2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45941
    P
    Security update for spamassassin (Important)
    2020-12-01
    oval:org.opensuse.security:def:18671
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25617
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:33528
    P
    Security update for wget
    2020-12-01
    oval:org.opensuse.security:def:46219
    P
    Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:33125
    P
    kdenetwork4-filesharing on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33527
    P
    Security update for Websphere Community Edition
    2020-12-01
    oval:org.opensuse.security:def:29734
    P
    Security update for foomatic-filters (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29781
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24276
    P
    Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24077
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:45112
    P
    Security update for postgresql10 (Low)
    2020-12-01
    oval:org.opensuse.security:def:28363
    P
    Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18393
    P
    Security update for ncurses (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24753
    P
    Security update for libqt5-qtbase (Important)
    2020-12-01
    oval:org.opensuse.security:def:30998
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:28352
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32586
    P
    openswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45735
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:18659
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25583
    P
    Security update for python36 (Important)
    2020-12-01
    oval:org.opensuse.security:def:23406
    P
    Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:46031
    P
    Security update for krb5-appl (Important)
    2020-12-01
    oval:org.opensuse.security:def:28788
    P
    Security update for mutt
    2020-12-01
    oval:org.opensuse.security:def:46226
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29602
    P
    Security update for avahi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29143
    P
    Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:24216
    P
    Security update for gcc10 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33854
    P
    Security update for inn
    2020-12-01
    oval:org.opensuse.security:def:33869
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:45101
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34303
    P
    Security update for quagga (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45100
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18336
    P
    Security update for ghostscript (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24606
    P
    Security update for libssh2_org (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30961
    P
    Security update for gpg2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:28351
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32451
    P
    Security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45606
    P
    Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:24945
    P
    Security update for vim (Important)
    2020-12-01
    oval:org.opensuse.security:def:28704
    P
    Security update for gpgme
    2020-12-01
    oval:org.opensuse.security:def:18602
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46163
    P
    Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29529
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:29099
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:19357
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:29518
    P
    Security update for LibVNCServer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33830
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24207
    P
    Security update for apache-commons-httpclient (Important)
    2020-12-01
    oval:org.opensuse.security:def:34264
    P
    Security update for postgresql94 (Important)
    2020-12-01
    oval:org.opensuse.security:def:18251
    P
    Security update for audiofile (Low)
    2020-12-01
    oval:org.opensuse.security:def:24528
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:34215
    P
    Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:30323
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32373
    P
    Security update for tcpdump (Important)
    2020-12-01
    oval:org.opensuse.security:def:45525
    P
    Security update for libmodplug (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24903
    P
    Security update for libssh2_org (Important)
    2020-12-01
    oval:org.opensuse.security:def:35050
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:45902
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:28647
    P
    Security update for compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xen
    2020-12-01
    oval:org.opensuse.security:def:18570
    P
    Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46134
    P
    Security update for dbus-1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:45901
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:29082
    P
    Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19331
    P
    Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29517
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:29043
    P
    Security update for POS_Image3, POS_Server3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33192
    P
    libwsman1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29878
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:18217
    P
    Security update for opus (Important)
    2020-12-01
    oval:org.opensuse.security:def:24475
    P
    Security update for xrdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:34157
    P
    Security update for openssh-openssl1 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24747
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:32362
    P
    Security update for strongswan (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45404
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24889
    P
    Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35010
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32361
    P
    Security update for strongswan (Important)
    2020-12-01
    oval:org.opensuse.security:def:28562
    P
    Security update for icu
    2020-12-01
    oval:org.opensuse.security:def:18460
    P
    Security update for Botan (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46077
    P
    Security update for xerces-c (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:23467
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32737
    P
    libvorbis on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46019
    P
    Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:18693
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:33539
    P
    Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:28994
    P
    Security update for conntrack-tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33148
    P
    libexiv2-4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:87222
    P
    Security update for jasper (Low)
    2020-09-21
    oval:com.ubuntu.precise:def:20169397000
    V
    CVE-2016-9397 on Ubuntu 12.04 LTS (precise) - low.
    2017-03-23
    oval:com.ubuntu.trusty:def:20169397000
    V
    CVE-2016-9397 on Ubuntu 14.04 LTS (trusty) - negligible.
    2017-03-23
    oval:com.ubuntu.xenial:def:20169397000
    V
    CVE-2016-9397 on Ubuntu 16.04 LTS (xenial) - negligible.
    2017-03-23
    oval:com.ubuntu.xenial:def:201693970000000
    V
    CVE-2016-9397 on Ubuntu 16.04 LTS (xenial) - negligible.
    2017-03-23
    jasper_project jasper 1.900.13
    fedoraproject fedora 32
    fedoraproject fedora 33
    jasper_project jasper 1.900.13