CVE-2016-8886 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A memory allocation failure was found in jas_malloc triggered by a crafted file that results in an application crash leading to denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-69 jasper 2.0.10-1 2.0.12-1 High Fixed
Date Advisory Group Package Severity Description
14 Mar 2017 ASA-201703-9 AVG-69 jasper High multiple issues
References
http://seclists.org/oss-sec/2016/q4/214
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
https://github.com/mdadams/jasper/commit/65536647d380571d1a9a6c91fa03775fb5bbd256
Notes
Fixed in version 1.900.11 via commit https://github.com/mdadams/jasper/commit/65536647d380571d1a9a6c91fa03775fb5bbd256 now part of version-2.0.12