CVE-2016-9591 log

Severity High
Remote Yes
Type Arbitrary code execution
A heap-use-after-free vulnerability has been found in jasper. The vulnerability exists in code responsible for re-encoding the decoded input image file to a J2P image. The vulnerability is caused by not setting related pointers to be null after the pointers are freed (i.e. missing Setting-Pointer-Null operations after free). The vulnerability can further cause double-free.
Group Package Affected Fixed Severity Status Ticket
AVG-69 jasper 2.0.10-1 2.0.12-1 High Fixed
Date Advisory Group Package Severity Type
14 Mar 2017 ASA-201703-9 AVG-69 jasper High multiple issues