rpm package

opensuse/jasper&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/jasper&distro=openSUSE%20Tumbleweed

Vulnerabilities (78)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-19539		—	< 2.0.33-1.2	2.0.33-1.2	Nov 26, 2018	An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
CVE-2018-19139		—	< 2.0.33-1.2	2.0.33-1.2	Nov 9, 2018	An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
CVE-2018-18873		—	< 2.0.33-1.2	2.0.33-1.2	Oct 31, 2018	An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVE-2016-9583		—	< 2.0.33-1.2	2.0.33-1.2	Aug 1, 2018	An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-8654		—	< 1.900.14-3.1	1.900.14-3.1	Aug 1, 2018	A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
CVE-2018-9154		—	< 2.0.33-1.2	2.0.33-1.2	May 4, 2018	There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
CVE-2018-9252		—	< 2.0.33-1.2	2.0.33-1.2	Apr 4, 2018	JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
CVE-2018-9055		—	< 2.0.33-1.2	2.0.33-1.2	Mar 27, 2018	JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
CVE-2016-9600		—	< 2.0.33-1.2	2.0.33-1.2	Mar 12, 2018	JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2016-9591		—	< 2.0.33-1.2	2.0.33-1.2	Mar 9, 2018	JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
CVE-2017-14132	Med	6.5	< 2.0.33-1.2	2.0.33-1.2	Sep 4, 2017	JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4,
CVE-2017-13750	Hig	7.5	< 2.0.33-1.2	2.0.33-1.2	Aug 29, 2017	There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13748	Hig	7.5	< 2.0.33-1.2	2.0.33-1.2	Aug 29, 2017	There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
CVE-2015-5203	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Aug 2, 2017	Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5221	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Jul 25, 2017	Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2017-1000050	Hig	7.5	< 2.0.33-1.2	2.0.33-1.2	Jul 17, 2017	JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2016-8884	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Mar 28, 2017	The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016
CVE-2016-9557	Med	5.5	< 2.0.33-1.2	2.0.33-1.2	Mar 23, 2017	Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-9399	Hig	7.5	< 2.0.33-1.2	2.0.33-1.2	Mar 23, 2017	The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9398	Hig	7.5	< 1.900.14-3.1	1.900.14-3.1	Mar 23, 2017	The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

CVE-2018-19539Nov 26, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
CVE-2018-19139Nov 9, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
CVE-2018-18873Oct 31, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVE-2016-9583Aug 1, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
CVE-2016-8654Aug 1, 2018
affected < 1.900.14-3.1fixed 1.900.14-3.1
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
CVE-2018-9154May 4, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
CVE-2018-9252Apr 4, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
CVE-2018-9055Mar 27, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
CVE-2016-9600Mar 12, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2016-9591Mar 9, 2018
affected < 2.0.33-1.2fixed 2.0.33-1.2
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
CVE-2017-14132MedSep 4, 2017
affected < 2.0.33-1.2fixed 2.0.33-1.2
JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4,
CVE-2017-13750HigAug 29, 2017
affected < 2.0.33-1.2fixed 2.0.33-1.2
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13748HigAug 29, 2017
affected < 2.0.33-1.2fixed 2.0.33-1.2
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
CVE-2015-5203MedAug 2, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2015-5221MedJul 25, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2017-1000050HigJul 17, 2017
affected < 2.0.33-1.2fixed 2.0.33-1.2
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVE-2016-8884MedMar 28, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016
CVE-2016-9557MedMar 23, 2017
affected < 2.0.33-1.2fixed 2.0.33-1.2
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-9399HigMar 23, 2017
affected < 2.0.33-1.2fixed 2.0.33-1.2
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVE-2016-9398HigMar 23, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Page 2 of 4