Bug 1010786 - (CVE-2016-9397) VUL-1: CVE-2016-9397: jasper: Assert triggered in jpc_dec.c:1817: void jpc_dequantize
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/176461/
CVSSv2:SUSE:CVE-2016-9397:1.5:(AV:L/...
Reported: 2016-11-17 17:33 UTC by Marcus Meissner
Modified: 2020-10-21 09:18 UTC (History)
Found By: Security Response Team
Attachments
CVE-2016-9397.jasper (352 bytes, application/octet-stream)
2016-11-17 17:37 UTC, Marcus Meissner
Description Marcus Meissner 2016-11-17 17:33:29 UTC
CVE-2016-9397


Affected version:
1.900.13
Output/failure:
type = 0xff76 (UNKNOWN); len = 20;00 40 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 imginfo: /tmp/portage/media-libs/jasper-1.900.13/work/jasper-1.900.13/src/libjasper/jpc/jpc_dec.c:1817: void jpc_dequantize(jas_matrix_t *, jpc_fix_t): Assertion `absstepsize >= 0' failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9397
http://seclists.org/oss-sec/2016/q4/441
Comment 1 Marcus Meissner 2016-11-17 17:37:33 UTC
Created attachment 702522
CVE-2016-9397.jasper

QA REPRODUCER:

jasper --input CVE-2016-9397.jasper --output foo.bmp
warning: ignoring unknown marker segment
type = 0xff76 (UNKNOWN); len = 20;00 40 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 jasper: jpc_dec.c:1777: jpc_dequantize: Assertion `absstepsize >= 0' failed.
Abgebrochen (Speicherabzug geschrieben)
Comment 2 Swamp Workflow Management 2016-11-17 23:02:35 UTC
bugbot adjusting priority
Comment 5 Michael Vetter 2020-08-13 09:05:32 UTC
Upstream bug: https://github.com/jasper-software/jasper/issues/56
Comment 8 Michael Vetter 2020-08-17 13:33:14 UTC
Same fix as in https://bugzilla.suse.com/show_bug.cgi?id=1011829#c6

jasper-CVE-2016-9397-CVE-2016-9557.patch in home:mvetter:jasper-cves.
Will submit once more issues are fixed.
Comment 11 Swamp Workflow Management 2020-09-21 13:14:58 UTC
SUSE-SU-2020:2690-1: An update that fixes 17 vulnerabilities is now available.

Category: security (low)
Bug References: 1010786,1010979,1010980,1011829,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1092115,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9397,CVE-2016-9398,CVE-2016-9399,CVE-2016-9557,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9154,CVE-2018-9252
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    jasper-1.900.14-195.22.1
SUSE Linux Enterprise Server 12-SP5 (src):    jasper-1.900.14-195.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.