CVE-2016-10248: Null Pointer Dereference
First published: Wed Mar 15 2017(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/jasper | ||
| redhat/jasper | <1.900.9 | 1.900.9 |
| Jasper Reports | <=1.900.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/93797
- https://access.redhat.com/errata/RHSA-2017:1208
- https://blogs.gentoo.org/ago/2016/10/20/jasper-null-pointer-dereference-in-jpc_tsfb_synthesize-jpc_tsfb-c/
- https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
- https://usn.ubuntu.com/3693-1/
- https://launchpad.net/bugs/cve/CVE-2016-10248
- https://www.openwall.com/lists/oss-security/2016/10/20/5
- https://security-tracker.debian.org/tracker/CVE-2016-10248
- http://seclists.org/oss-sec/2017/q1/606
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1434466
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1434467
- https://github.com/mdadams/jasper/issues/39
- https://bugzilla.redhat.com/show_bug.cgi?id=1434447
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10248
- https://nvd.nist.gov/vuln/detail/CVE-2016-10248
- https://ubuntu.com/security/CVE-2016-10248
Frequently Asked Questions
What is the severity of CVE-2016-10248?
CVE-2016-10248 is classified as a medium severity vulnerability due to its potential to cause a null pointer dereference.
How do I fix CVE-2016-10248?
To fix CVE-2016-10248, upgrade to jasper version 1.900.9 or later if you are using Red Hat, or ensure you are updated beyond version 1.900.8 if you are using other distributions.
What software is affected by CVE-2016-10248?
CVE-2016-10248 affects jasper versions up to and including 1.900.8 for multiple distributions, including Debian and Red Hat.
What is a null pointer dereference as seen in CVE-2016-10248?
A null pointer dereference in CVE-2016-10248 occurs when the software attempts to access an object or variable that hasn't been initialized, leading to potential crashes or unpredictable behavior.
Is there an upstream patch for CVE-2016-10248?
Yes, there is an upstream patch available for CVE-2016-10248 which addresses the null pointer dereference issue in the affected software.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-10248
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/debian
- package-manager/redhat
- vendor/jasper project
- canonical/jasper reports
- version/jasper reports/1.900.8