CVE-2016-10251

Public on 2017-06-06
Modified on 2017-07-25
Description
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
Severity
Low
CVSS v3 Base Score
5.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 jasper 2017-06-06 16:49 ALAS-2017-836

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H