CVE-2016-8654

Public on 2017-06-06
Modified on 2017-07-25
Description
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
Severity
Important severity
Important
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 1 jasper 2017-06-06 ALAS-2017-836 Fixed

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
HAQM Linux CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2016-8654 Mitre: CVE-2016-8654