Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2016-1577

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

  • Published: Apr 13, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-1577
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.6
  • AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
canonical / ubuntu_linux 12.04 12.04.x
canonical / ubuntu_linux 15.10 15.10.x
canonical / ubuntu_linux 14.04 14.04.x
jasper_project / jasper - 1.900.1.x