Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-1e4z-zk1w-33fw
Summaryjasper: uninitialized pointer use in jp2_box_get()
Aliases
0
alias CVE-2016-8887
Fixed_packages
0
url pkg:alpm/archlinux/jasper@1.900.31-1
purl pkg:alpm/archlinux/jasper@1.900.31-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.31-1
Affected_packages
0
url pkg:alpm/archlinux/jasper@1.900.1-15
purl pkg:alpm/archlinux/jasper@1.900.1-15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1e4z-zk1w-33fw
1
vulnerability VCID-1mns-2axr-w3a1
2
vulnerability VCID-273p-y942-ekes
3
vulnerability VCID-2hkv-yn4v-6kcy
4
vulnerability VCID-3m5a-x31m-wqhs
5
vulnerability VCID-6qcp-9kba-1khz
6
vulnerability VCID-87vn-adcw-37bh
7
vulnerability VCID-932v-xwug-nbfy
8
vulnerability VCID-9cz2-djvk-quc6
9
vulnerability VCID-9hdt-gf9q-skh8
10
vulnerability VCID-9kqw-qv6w-zugt
11
vulnerability VCID-aehh-ywwn-byee
12
vulnerability VCID-ckw2-w524-k3gz
13
vulnerability VCID-d9ga-c25d-mfg5
14
vulnerability VCID-dfkc-hyp3-6kbd
15
vulnerability VCID-f3xd-54ke-1bf6
16
vulnerability VCID-hc16-adzw-5fbz
17
vulnerability VCID-hmxs-jxny-j7bg
18
vulnerability VCID-hz9e-rv14-wfhm
19
vulnerability VCID-m85g-54qv-h3at
20
vulnerability VCID-m93b-k4b2-zye1
21
vulnerability VCID-p4ue-y733-1ubd
22
vulnerability VCID-ptkv-jw36-cbar
23
vulnerability VCID-tqtm-achn-z3fg
24
vulnerability VCID-yqjj-75r1-b3ht
25
vulnerability VCID-zhwp-sauu-b3g6
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.1-15
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8887.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8887
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.4449
published_at 2026-04-01T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44619
published_at 2026-04-16T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44575
published_at 2026-04-09T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.44592
published_at 2026-04-11T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44562
published_at 2026-04-12T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44563
published_at 2026-04-13T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.4456
published_at 2026-04-02T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.44581
published_at 2026-04-04T12:55:00Z
8
value 0.00219
scoring_system epss
scoring_elements 0.4452
published_at 2026-04-07T12:55:00Z
9
value 0.00219
scoring_system epss
scoring_elements 0.4457
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8887
2
reference_url https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
reference_id
reference_type
scores
url https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d
reference_id
reference_type
scores
url https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
7
reference_url http://www.openwall.com/lists/oss-security/2016/10/23/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/10/23/3
8
reference_url http://www.openwall.com/lists/oss-security/2016/10/23/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/10/23/6
9
reference_url http://www.securityfocus.com/bid/93835
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93835
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1388828
reference_id 1388828
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1388828
11
reference_url https://security.archlinux.org/ASA-201612-9
reference_id ASA-201612-9
reference_type
scores
url https://security.archlinux.org/ASA-201612-9
12
reference_url https://security.archlinux.org/AVG-14
reference_id AVG-14
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-14
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8887
reference_id CVE-2016-8887
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2016-8887
17
reference_url https://usn.ubuntu.com/3693-1/
reference_id USN-3693-1
reference_type
scores
url https://usn.ubuntu.com/3693-1/
Weaknesses
0
cwe_id 456
name Missing Initialization of a Variable
description The product does not initialize critical variables, which causes the execution environment to use unexpected values.
1
cwe_id 476
name NULL Pointer Dereference
description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Exploits
Severity_range_score1.9 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-1e4z-zk1w-33fw