Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-87vn-adcw-37bh

Summary jasper: missing jas_matrix_create() parameter checks

Aliases

alias	CVE-2016-8884

Fixed_packages

url	pkg:alpm/archlinux/jasper@1.900.31-1
purl	pkg:alpm/archlinux/jasper@1.900.31-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.31-1

Affected_packages

url pkg:alpm/archlinux/jasper@1.900.1-15

purl pkg:alpm/archlinux/jasper@1.900.1-15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e4z-zk1w-33fw

vulnerability	VCID-1mns-2axr-w3a1

vulnerability	VCID-273p-y942-ekes

vulnerability	VCID-2hkv-yn4v-6kcy

vulnerability	VCID-3m5a-x31m-wqhs

vulnerability	VCID-6qcp-9kba-1khz

vulnerability	VCID-87vn-adcw-37bh

vulnerability	VCID-932v-xwug-nbfy

vulnerability	VCID-9cz2-djvk-quc6

vulnerability	VCID-9hdt-gf9q-skh8

vulnerability	VCID-9kqw-qv6w-zugt

vulnerability	VCID-aehh-ywwn-byee

vulnerability	VCID-ckw2-w524-k3gz

vulnerability	VCID-d9ga-c25d-mfg5

vulnerability	VCID-dfkc-hyp3-6kbd

vulnerability	VCID-f3xd-54ke-1bf6

vulnerability	VCID-hc16-adzw-5fbz

vulnerability	VCID-hmxs-jxny-j7bg

vulnerability	VCID-hz9e-rv14-wfhm

vulnerability	VCID-m85g-54qv-h3at

vulnerability	VCID-m93b-k4b2-zye1

vulnerability	VCID-p4ue-y733-1ubd

vulnerability	VCID-ptkv-jw36-cbar

vulnerability	VCID-tqtm-achn-z3fg

vulnerability	VCID-yqjj-75r1-b3ht

vulnerability	VCID-zhwp-sauu-b3g6

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jasper@1.900.1-15

url pkg:rpm/redhat/jasper@1.900.1-21?arch=el6_9

purl pkg:rpm/redhat/jasper@1.900.1-21?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mns-2axr-w3a1

vulnerability	VCID-3m5a-x31m-wqhs

vulnerability	VCID-6qcp-9kba-1khz

vulnerability	VCID-7m7h-qxef-xfec

vulnerability	VCID-87vn-adcw-37bh

vulnerability	VCID-9cz2-djvk-quc6

vulnerability	VCID-9hdt-gf9q-skh8

vulnerability	VCID-aehh-ywwn-byee

vulnerability	VCID-bpmw-qhm1-audu

vulnerability	VCID-cs69-t6yr-zubs

vulnerability	VCID-d8pr-auwp-x7gd

vulnerability	VCID-d9ga-c25d-mfg5

vulnerability	VCID-dfkc-hyp3-6kbd

vulnerability	VCID-fjpb-8pyh-67cb

vulnerability	VCID-grw9-sn4c-57aj

vulnerability	VCID-hc16-adzw-5fbz

vulnerability	VCID-hdut-23jk-nfc5

vulnerability	VCID-hmxs-jxny-j7bg

vulnerability	VCID-hq12-wrsv-qffj

vulnerability	VCID-k363-jg3m-1yhz

vulnerability	VCID-kucv-63eu-cueq

vulnerability	VCID-m93b-k4b2-zye1

vulnerability	VCID-np35-vr8e-wqa9

vulnerability	VCID-nwcp-qs7v-nfaa

vulnerability	VCID-ptkv-jw36-cbar

vulnerability	VCID-rnuc-wtg3-r3cc

vulnerability	VCID-wpup-kuqp-fbeb

vulnerability	VCID-wrwt-qqrc-s7at

vulnerability	VCID-ykxn-bbsr-nycu

vulnerability	VCID-zhwp-sauu-b3g6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jasper@1.900.1-21%3Farch=el6_9

url pkg:rpm/redhat/jasper@1.900.1-30?arch=el7_3

purl pkg:rpm/redhat/jasper@1.900.1-30?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mns-2axr-w3a1

vulnerability	VCID-3m5a-x31m-wqhs

vulnerability	VCID-6qcp-9kba-1khz

vulnerability	VCID-7m7h-qxef-xfec

vulnerability	VCID-87vn-adcw-37bh

vulnerability	VCID-9cz2-djvk-quc6

vulnerability	VCID-9hdt-gf9q-skh8

vulnerability	VCID-aehh-ywwn-byee

vulnerability	VCID-bpmw-qhm1-audu

vulnerability	VCID-cs69-t6yr-zubs

vulnerability	VCID-d8pr-auwp-x7gd

vulnerability	VCID-d9ga-c25d-mfg5

vulnerability	VCID-dfkc-hyp3-6kbd

vulnerability	VCID-fjpb-8pyh-67cb

vulnerability	VCID-grw9-sn4c-57aj

vulnerability	VCID-hc16-adzw-5fbz

vulnerability	VCID-hdut-23jk-nfc5

vulnerability	VCID-hmxs-jxny-j7bg

vulnerability	VCID-hq12-wrsv-qffj

vulnerability	VCID-k363-jg3m-1yhz

vulnerability	VCID-kucv-63eu-cueq

vulnerability	VCID-m93b-k4b2-zye1

vulnerability	VCID-np35-vr8e-wqa9

vulnerability	VCID-nwcp-qs7v-nfaa

vulnerability	VCID-ptkv-jw36-cbar

vulnerability	VCID-rnuc-wtg3-r3cc

vulnerability	VCID-wpup-kuqp-fbeb

vulnerability	VCID-wrwt-qqrc-s7at

vulnerability	VCID-ykxn-bbsr-nycu

vulnerability	VCID-zhwp-sauu-b3g6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jasper@1.900.1-30%3Farch=el7_3

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8884.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8884.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8884

reference_id

reference_type

scores

value	0.00407
scoring_system	epss
scoring_elements	0.61029
published_at	2026-04-01T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61192
published_at	2026-04-16T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61164
published_at	2026-04-09T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61184
published_at	2026-04-11T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61171
published_at	2026-04-12T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61151
published_at	2026-04-13T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61106
published_at	2026-04-02T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61134
published_at	2026-04-04T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61101
published_at	2026-04-07T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61148
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8884

reference_url	https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/
reference_id
reference_type
scores
url	https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
reference_id
reference_type
scores
url	https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/

reference_url	http://www.openwall.com/lists/oss-security/2016/10/23/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/10/23/1

reference_url	http://www.openwall.com/lists/oss-security/2016/10/23/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/10/23/9

reference_url	http://www.securityfocus.com/bid/93834
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93834

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1385499
reference_id	1385499
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1385499

reference_url	https://security.archlinux.org/ASA-201612-9
reference_id	ASA-201612-9
reference_type
scores
url	https://security.archlinux.org/ASA-201612-9

reference_url

https://security.archlinux.org/AVG-14

reference_id

AVG-14

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-14

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:1.900.5:::::::*
reference_id	cpe:2.3:a:jasper_project:jasper:1.900.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:1.900.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8884

reference_id

CVE-2016-8884

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8884

reference_url	https://access.redhat.com/errata/RHSA-2017:1208
reference_id	RHSA-2017:1208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1208

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	476
name	NULL Pointer Dereference
description	A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Exploits

Severity_range_score 1.9 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87vn-adcw-37bh

Vulnerability Instance