CVE-2016-10249

Name: CVE-2016-10249
Creator: NVD / NIST
Published: 2017-03-15T14:59:00.307+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.07%

Last modified Jun 17, 2026

CVE-2016-10249 is a vulnerability of currently unknown severity. Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.. EPSS estimates a 2.07% chance of exploitation in the next 30 days.

Description

Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

Metrics

EPSS Probability

2.07%

78.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-190

Affected Software

Vendor	Product	Versions
Jasper Project	Jasper	<= 1.900.11

References

http://www.debian.org/security/2017/dsa-3827
http://www.securityfocus.com/bid/93838
https://access.redhat.com/errata/RHSA-2017:1208
https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry
https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568Patch, Third Party Advisory
http://www.debian.org/security/2017/dsa-3827
http://www.securityfocus.com/bid/93838
https://access.redhat.com/errata/RHSA-2017:1208
https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry
https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568Patch, Third Party Advisory

Timeline

Published: Mar 15, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-10249?

How severe is CVE-2016-10249?

Severity scoring for CVE-2016-10249 is pending analysis. The EPSS model estimates a 2.07% probability of exploitation in the next 30 days.

How do I fix CVE-2016-10249?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-10249?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST