Jasper Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Jasper Project CVE published 2017-01-13

CVE-2016-8883

CVE-2016-8883 is a denial-of-service vulnerability in JasPer's JPEG-2000 decoder. According to the CVE record, jpc_dec_tiledecode in jpc_dec.c can hit an assertion failure when processing a crafted file, affecting JasPer versions before 1.900.8. The issue is rated medium severity in NVD, with availability impact only and no evidence in the provided corpus of code execution, data loss, or public weaponization.

MEDIUM Jasper Project CVE published 2017-01-13

CVE-2016-8882

CVE-2016-8882 is a denial-of-service issue in JasPer’s JPEG-2000 decoder path. The affected function, jpc_dec_tilefini in libjasper/jpc/jpc_dec.c, can hit a NULL pointer dereference and crash when processing a crafted file. The CVE record lists JasPer versions before 1.900.8 as vulnerable. NVD assigns medium severity and a CVSS 3.0 vector that reflects availability impact with user interaction required.