---

CVE-2016-9557 - log back

CVE-2016-9557 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ A signed integer overflow vulnerability has been discovered in jas_image.c triggered by a crafted image. An option max_samples has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns.
References	+ https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a + http://www.openwall.com/lists/oss-security/2016/11/23/2
Notes