CVE-2016-8880

Publication date 13 January 2017

Last updated 4 August 2025

Ubuntu priority

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ghostscript	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
jasper	17.04 zesty	Not in release
	16.10 yakkety	Ignored
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
netpbm-free	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected

Notes

jdstrand

netpbm-free in Debian/Ubuntu is a fork of netpbm and does not contain jasper

sbeattie

reproducer available in bug report upstream claims fixed in 1.900.8, but (a) doesn't know which commit fixed it, and (b) probably should be verified

mdeslaur

duplicate of CVE-2011-4516