Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wpup-kuqp-fbeb

Summary jasper: reachable assertions caused by insufficient component domains checks in ICT/RCT in JPC codec

Aliases

alias	CVE-2016-9389

Fixed_packages

Affected_packages

url pkg:rpm/redhat/jasper@1.900.1-21?arch=el6_9

purl pkg:rpm/redhat/jasper@1.900.1-21?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mns-2axr-w3a1

vulnerability	VCID-3m5a-x31m-wqhs

vulnerability	VCID-6qcp-9kba-1khz

vulnerability	VCID-7m7h-qxef-xfec

vulnerability	VCID-87vn-adcw-37bh

vulnerability	VCID-9cz2-djvk-quc6

vulnerability	VCID-9hdt-gf9q-skh8

vulnerability	VCID-aehh-ywwn-byee

vulnerability	VCID-bpmw-qhm1-audu

vulnerability	VCID-cs69-t6yr-zubs

vulnerability	VCID-d8pr-auwp-x7gd

vulnerability	VCID-d9ga-c25d-mfg5

vulnerability	VCID-dfkc-hyp3-6kbd

vulnerability	VCID-fjpb-8pyh-67cb

vulnerability	VCID-grw9-sn4c-57aj

vulnerability	VCID-hc16-adzw-5fbz

vulnerability	VCID-hdut-23jk-nfc5

vulnerability	VCID-hmxs-jxny-j7bg

vulnerability	VCID-hq12-wrsv-qffj

vulnerability	VCID-k363-jg3m-1yhz

vulnerability	VCID-kucv-63eu-cueq

vulnerability	VCID-m93b-k4b2-zye1

vulnerability	VCID-np35-vr8e-wqa9

vulnerability	VCID-nwcp-qs7v-nfaa

vulnerability	VCID-ptkv-jw36-cbar

vulnerability	VCID-rnuc-wtg3-r3cc

vulnerability	VCID-wpup-kuqp-fbeb

vulnerability	VCID-wrwt-qqrc-s7at

vulnerability	VCID-ykxn-bbsr-nycu

vulnerability	VCID-zhwp-sauu-b3g6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jasper@1.900.1-21%3Farch=el6_9

url pkg:rpm/redhat/jasper@1.900.1-30?arch=el7_3

purl pkg:rpm/redhat/jasper@1.900.1-30?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mns-2axr-w3a1

vulnerability	VCID-3m5a-x31m-wqhs

vulnerability	VCID-6qcp-9kba-1khz

vulnerability	VCID-7m7h-qxef-xfec

vulnerability	VCID-87vn-adcw-37bh

vulnerability	VCID-9cz2-djvk-quc6

vulnerability	VCID-9hdt-gf9q-skh8

vulnerability	VCID-aehh-ywwn-byee

vulnerability	VCID-bpmw-qhm1-audu

vulnerability	VCID-cs69-t6yr-zubs

vulnerability	VCID-d8pr-auwp-x7gd

vulnerability	VCID-d9ga-c25d-mfg5

vulnerability	VCID-dfkc-hyp3-6kbd

vulnerability	VCID-fjpb-8pyh-67cb

vulnerability	VCID-grw9-sn4c-57aj

vulnerability	VCID-hc16-adzw-5fbz

vulnerability	VCID-hdut-23jk-nfc5

vulnerability	VCID-hmxs-jxny-j7bg

vulnerability	VCID-hq12-wrsv-qffj

vulnerability	VCID-k363-jg3m-1yhz

vulnerability	VCID-kucv-63eu-cueq

vulnerability	VCID-m93b-k4b2-zye1

vulnerability	VCID-np35-vr8e-wqa9

vulnerability	VCID-nwcp-qs7v-nfaa

vulnerability	VCID-ptkv-jw36-cbar

vulnerability	VCID-rnuc-wtg3-r3cc

vulnerability	VCID-wpup-kuqp-fbeb

vulnerability	VCID-wrwt-qqrc-s7at

vulnerability	VCID-ykxn-bbsr-nycu

vulnerability	VCID-zhwp-sauu-b3g6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jasper@1.900.1-30%3Farch=el7_3

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9389.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9389.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9389

reference_id

reference_type

scores

value	0.01628
scoring_system	epss
scoring_elements	0.81805
published_at	2026-04-01T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.8191
published_at	2026-04-21T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81889
published_at	2026-04-11T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81877
published_at	2026-04-12T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81872
published_at	2026-04-13T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81908
published_at	2026-04-18T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81815
published_at	2026-04-02T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81838
published_at	2026-04-04T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81836
published_at	2026-04-07T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81862
published_at	2026-04-08T12:55:00Z

value	0.01628
scoring_system	epss
scoring_elements	0.81869
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9389

reference_url	https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure
reference_id
reference_type
scores
url	https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.5
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:S/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
reference_id
reference_type
scores
url	https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url	http://www.openwall.com/lists/oss-security/2016/11/17/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/11/17/1

reference_url	http://www.securityfocus.com/bid/94371
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396963
reference_id	1396963
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396963

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper::::::::
reference_id	cpe:2.3:a:jasper_project:jasper::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9389

reference_id

CVE-2016-9389

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9389

reference_url	https://access.redhat.com/errata/RHSA-2017:1208
reference_id	RHSA-2017:1208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1208

reference_url	https://usn.ubuntu.com/3693-1/
reference_id	USN-3693-1
reference_type
scores
url	https://usn.ubuntu.com/3693-1/

Weaknesses

cwe_id	617
name	Reachable Assertion
description	The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Exploits

Severity_range_score 1.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpup-kuqp-fbeb

Vulnerability Instance