CVE-2016-9557

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A signed integer overflow vulnerability has been discovered in jas_image.c that can be triggered by a crafted image. A max_samples option has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.
Group   Package  Affected    Fixed       Severity  Status  Ticket
AVG-14  jasper   1.900.1-15  1.900.31-1  Critical  Fixed
Date         Advisory      Group   Package  Severity  Description
07 Dec 2016  ASA-201612-9  AVG-14  jasper   Critical  multiple issues
References
https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
http://www.openwall.com/lists/oss-security/2016/11/23/2