CVE-2016-8654

Public on 2017-06-06
Modified on 2017-07-25
Description
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
Severity
Important severity
Important
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 jasper 2017-06-06 ALAS-2017-836 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Amazon Linux CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2016-8654 Mitre: CVE-2016-8654