Bug 1010980 (CVE-2016-9399) - VUL-1: CVE-2016-9399: jasper: Assertion triggered in calcstepsizes
Summary: VUL-1: CVE-2016-9399: jasper: Assertion triggered in calcstepsizes
Status: RESOLVED FIXED
Alias: CVE-2016-9399
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/176455/
Whiteboard: CVSSv2:SUSE:CVE-2016-9399:1.5:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-18 16:02 UTC by Marcus Meissner
Modified: 2022-09-16 13:14 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
CVE-2016-9399.jasper (220 bytes, application/octet-stream)
2016-11-18 16:05 UTC, Marcus Meissner
Description Marcus Meissner 2016-11-18 16:02:46 UTC
CVE-2016-9399


Affected version:
1.900.22
Output/failure:
warning: trailing garbage in marker segment (9 bytes)
warning: trailing garbage in marker segment (28 bytes)
warning: trailing garbage in marker segment (40 bytes)
warning: ignoring unknown marker segment (0xffee)
type = 0xffee (UNKNOWN); len = 23;1f 32 ff ff ff 00 10 00 3d 4d 00 01 32 40 e4 e4 00 10 00 00 4f warning: trailing garbage in marker segment (12 bytes)
imginfo: /tmp/portage/media-libs/jasper-1.900.22/work/jasper-1.900.22/src/libjasper/jpc/jpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9399
http://seclists.org/oss-sec/2016/q4/441
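
Added example, not part of the original report and not jasper's code or the upstream fix: the condition from the assertion message above, evaluated as an input check that reports the offending band instead of aborting. The function names, the direct expn parameter and the band count of 3 * numrlvls - 2 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-band exponent, copied from the expression in the assertion message.
 * It reduces to expn + ceil(bandno / 3). */
static uint_fast16_t band_expn(uint_fast16_t expn, int numrlvls, int bandno)
{
    return expn + (numrlvls - 1) -
        (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)));
}

/* Returns 0 when every band's exponent fits in 5 bits (the `& ~0x1f` test).
 * Returns -1 and stores the first offending band in *bad_band otherwise
 * (-1 there means numrlvls itself was invalid).
 * Assumption: the band count is 3 * numrlvls - 2; the report does not show it. */
int check_stepsize_expn(uint_fast16_t expn, int numrlvls, int *bad_band)
{
    int dummy;
    if (!bad_band)
        bad_band = &dummy;
    *bad_band = -1;
    if (numrlvls < 1)
        return -1;
    for (int bandno = 0; bandno < 3 * numrlvls - 2; ++bandno) {
        if (band_expn(expn, numrlvls, bandno) & ~(uint_fast16_t)0x1f) {
            *bad_band = bandno;
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the attached reproducer. */
    static const struct { unsigned expn; int numrlvls; } samples[] = {
        {30, 2}, {31, 2}, {30, 3}, {32, 1},
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        int bad;
        int rc = check_stepsize_expn(samples[i].expn, samples[i].numrlvls, &bad);
        printf("expn=%u numrlvls=%d -> %s (band %d)\n", samples[i].expn,
               samples[i].numrlvls, rc ? "reject" : "ok", bad);
    }
    return 0;
}
```

In a decoder, the reject case would be turned into a decode error for the image rather than a call to abort().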
Comment 1 Marcus Meissner 2016-11-18 16:05:03 UTC
Created attachment 702725
CVE-2016-9399.jasper

QA REPRODUCER:

jasper --input CVE-2016-9399.jasper --output foo.bmp
warning: trailing garbage in marker segment (9 bytes)
warning: trailing garbage in marker segment (28 bytes)
warning: trailing garbage in marker segment (40 bytes)
error: cannot load image data
Comment 2 Swamp Workflow Management 2016-11-18 23:02:02 UTC
bugbot adjusting priority
Comment 3 Wolfgang Frisch 2019-11-14 13:44:36 UTC
Still unfixed in upstream: https://github.com/mdadams/jasper/issues/83

It's a very minor issue, though.
Comment 4 Michael Vetter 2020-08-13 12:35:39 UTC
Fixes:
* https://github.com/jasper-software/jasper/commit/d9dbe898ae1eb3ac7b196cad1d1caa75e19c56ba
* https://github.com/jasper-software/jasper/commit/84d00fb29a22e360c2ff91bdc2cd81c288826bfc

jasper-CVE-2016-9399.patch in home:mvetter:jasper-cves.
Will submit once more issues are fixed.
Comment 7 Swamp Workflow Management 2020-09-21 13:15:12 UTC
SUSE-SU-2020:2690-1: An update that fixes 17 vulnerabilities is now available.

Category: security (low)
Bug References: 1010786,1010979,1010980,1011829,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1092115,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9397,CVE-2016-9398,CVE-2016-9399,CVE-2016-9557,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9154,CVE-2018-9252
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    jasper-1.900.14-195.22.1
SUSE Linux Enterprise Server 12-SP5 (src):    jasper-1.900.14-195.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-09-21 13:22:35 UTC
SUSE-SU-2020:2689-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    jasper-2.0.14-3.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    jasper-2.0.14-3.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-09-24 16:18:11 UTC
openSUSE-SU-2020:1517-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    jasper-2.0.14-lp151.4.9.1
Comment 10 Swamp Workflow Management 2020-09-25 10:18:10 UTC
openSUSE-SU-2020:1523-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807
CVE References: CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    jasper-2.0.14-lp152.7.3.1
Comment 11 Carlos López 2022-09-16 13:14:43 UTC
Done, closing.