CVE-2016-9583 — MEDIUM (5.5)

Q: What is CVE-2016-9583?

CVE-2016-9583 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

Q: How severe is CVE-2016-9583?

CVE-2016-9583 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-9583?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Server Tus.

Vulnerability Description

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Server Eus	7.3
Redhat	Enterprise Linux Server Tus	7.3
Redhat	Enterprise Linux Workstation	6.0
Jasper Project	Jasper	< 2.0.6
Oracle	Outside In Technology	8.5.3

Related Weaknesses (CWE)

CWE-190 CWE-125

References

http://www.securityfocus.com/bid/94925Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1208Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583ExploitIssue TrackingPatch
https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7PatchThird Party Advisory
https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3PatchThird Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/94925Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1208Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583ExploitIssue TrackingPatch
https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7PatchThird Party Advisory
https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3PatchThird Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatchThird Party Advisory

FAQ

What is CVE-2016-9583?

CVE-2016-9583 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

How severe is CVE-2016-9583?

CVE-2016-9583 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9583?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Server Tus.