CVE-2016-9557 - log

CVE-2016-9557 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.
References
+ https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
+ http://www.openwall.com/lists/oss-security/2016/11/23/2
Notes