rpm package

opensuse/jasper&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/jasper&distro=openSUSE%20Tumbleweed

Vulnerabilities (78)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-8693	Hig	7.8	< 1.900.14-3.1	1.900.14-3.1	Feb 15, 2017	Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVE-2016-8692	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Feb 15, 2017	The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2016-8691	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Feb 15, 2017	The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVE-2016-8690	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Feb 15, 2017	The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVE-2016-8883	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Jan 13, 2017	The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-8882	Med	5.5	< 1.900.14-3.1	1.900.14-3.1	Jan 13, 2017	The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-2116	Med	5.7	< 1.900.14-3.1	1.900.14-3.1	Apr 13, 2016	Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2016-1577	Hig	7.6	< 1.900.14-3.1	1.900.14-3.1	Apr 13, 2016	Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than
CVE-2016-2089	Med	6.5	< 1.900.14-3.1	1.900.14-3.1	Feb 8, 2016	The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1867	Med	6.5	< 1.900.14-3.1	1.900.14-3.1	Jan 20, 2016	The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2014-8158		—	< 1.900.14-3.1	1.900.14-3.1	Jan 26, 2015	Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2014-8157		—	< 1.900.14-3.1	1.900.14-3.1	Jan 26, 2015	Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
CVE-2014-8138		—	< 1.900.14-3.1	1.900.14-3.1	Dec 24, 2014	Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
CVE-2014-8137		—	< 1.900.14-3.1	1.900.14-3.1	Dec 24, 2014	Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2014-9029		—	< 1.900.14-3.1	1.900.14-3.1	Dec 8, 2014	Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2011-4517		—	< 1.900.14-3.1	1.900.14-3.1	Dec 15, 2011	The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory cor
CVE-2011-4516		—	< 1.900.14-3.1	1.900.14-3.1	Dec 15, 2011	Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segme
CVE-2008-3522		—	< 1.900.14-3.1	1.900.14-3.1	Oct 2, 2008	Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

CVE-2016-8693HigFeb 15, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVE-2016-8692MedFeb 15, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2016-8691MedFeb 15, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVE-2016-8690MedFeb 15, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVE-2016-8883MedJan 13, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-8882MedJan 13, 2017
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-2116MedApr 13, 2016
affected < 1.900.14-3.1fixed 1.900.14-3.1
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2016-1577HigApr 13, 2016
affected < 1.900.14-3.1fixed 1.900.14-3.1
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than
CVE-2016-2089MedFeb 8, 2016
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1867MedJan 20, 2016
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2014-8158Jan 26, 2015
affected < 1.900.14-3.1fixed 1.900.14-3.1
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2014-8157Jan 26, 2015
affected < 1.900.14-3.1fixed 1.900.14-3.1
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
CVE-2014-8138Dec 24, 2014
affected < 1.900.14-3.1fixed 1.900.14-3.1
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
CVE-2014-8137Dec 24, 2014
affected < 1.900.14-3.1fixed 1.900.14-3.1
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2014-9029Dec 8, 2014
affected < 1.900.14-3.1fixed 1.900.14-3.1
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2011-4517Dec 15, 2011
affected < 1.900.14-3.1fixed 1.900.14-3.1
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory cor
CVE-2011-4516Dec 15, 2011
affected < 1.900.14-3.1fixed 1.900.14-3.1
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segme
CVE-2008-3522Oct 2, 2008
affected < 1.900.14-3.1fixed 1.900.14-3.1
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

Page 4 of 4