CVE-2016-9557

Severity: Medium
Remote: Yes
Type: Denial of service
A signed integer overflow vulnerability, triggered by a crafted image, has been discovered in jas_image.c. An option, max_samples, has been added to the BMP and JPEG decoders to restrict the maximum size of the image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.
Group   Package  Affected    Fixed       Severity  Status  Ticket
AVG-14  jasper   1.900.1-15  1.900.31-1  Critical  Fixed
Date         Advisory      Group   Package  Severity  Type
07 Dec 2016  ASA-201612-9  AVG-14  jasper   Critical  multiple issues