CVE-2016-9557 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-14	jasper	1.900.1-15	1.900.31-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
07 Dec 2016	ASA-201612-9	AVG-14	jasper	Critical	multiple issues

References
https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a http://www.openwall.com/lists/oss-security/2016/11/23/2