VYPR

rpm package

opensuse/jasper&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/jasper&distro=openSUSE%20Tumbleweed

Vulnerabilities (78)

  • CVE-2025-8837MedAug 11, 2025
    affected < 4.2.8-2.1fixed 4.2.8-2.1

    A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disc

  • CVE-2025-8836LowAug 11, 2025
    affected < 4.2.8-2.1fixed 4.2.8-2.1

    A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The expl

  • CVE-2025-8835LowAug 11, 2025
    affected < 4.2.8-2.1fixed 4.2.8-2.1

    A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible

  • CVE-2024-31744HigApr 19, 2024
    affected < 4.2.3-2.1fixed 4.2.3-2.1

    In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

  • CVE-2023-51257Jan 16, 2024
    affected < 4.1.2-1.1fixed 4.1.2-1.1

    An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.

  • CVE-2022-2963Oct 14, 2022
    affected < 3.0.6-2.1fixed 3.0.6-2.1

    A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.

  • CVE-2022-40755Sep 16, 2022
    affected < 4.0.0-1.1fixed 4.0.0-1.1

    JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.

  • CVE-2021-27845Jul 15, 2021
    affected < 4.0.0-2.1fixed 4.0.0-2.1

    A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c

  • CVE-2021-3467Mar 25, 2021
    affected < 4.0.0-2.1fixed 4.0.0-2.1

    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

  • CVE-2021-3443Mar 25, 2021
    affected < 4.0.0-2.1fixed 4.0.0-2.1

    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

  • CVE-2021-26927Feb 23, 2021
    affected < 4.0.0-2.1fixed 4.0.0-2.1

    A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

  • CVE-2021-26926Feb 23, 2021
    affected < 4.0.0-2.1fixed 4.0.0-2.1

    A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

  • CVE-2021-3272Jan 27, 2021
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

  • CVE-2020-27828Dec 11, 2020
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

  • CVE-2018-20622Dec 31, 2018
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

  • CVE-2018-20570Dec 28, 2018
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

  • CVE-2018-19543Nov 26, 2018
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

  • CVE-2018-19542Nov 26, 2018
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

  • CVE-2018-19541Nov 26, 2018
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2

  • CVE-2018-19540Nov 26, 2018
    affected < 2.0.33-1.2fixed 2.0.33-1.2

    An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2

Page 1 of 4