rpm package
suse/jasper&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/jasper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3272 | — | < 1.900.14-195.25.1 | 1.900.14-195.25.1 | Jan 27, 2021 | jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | ||
| CVE-2020-27828 | — | < 1.900.14-195.25.1 | 1.900.14-195.25.1 | Dec 11, 2020 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | ||
| CVE-2018-19542 | — | < 1.900.14-195.15.1 | 1.900.14-195.15.1 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | ||
| CVE-2018-19541 | — | < 1.900.14-195.15.1 | 1.900.14-195.15.1 | Nov 26, 2018 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2 | ||
| CVE-2018-19540 | — | < 1.900.14-195.15.1 | 1.900.14-195.15.1 | Nov 26, 2018 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2 | ||
| CVE-2018-19539 | — | < 1.900.14-195.15.1 | 1.900.14-195.15.1 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | ||
| CVE-2016-9396 | Hig | 7.5 | < 1.900.14-195.15.1 | 1.900.14-195.15.1 | Mar 23, 2017 | The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. |
- CVE-2021-3272Jan 27, 2021affected < 1.900.14-195.25.1fixed 1.900.14-195.25.1
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
- CVE-2020-27828Dec 11, 2020affected < 1.900.14-195.25.1fixed 1.900.14-195.25.1
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
- CVE-2018-19542Nov 26, 2018affected < 1.900.14-195.15.1fixed 1.900.14-195.15.1
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
- CVE-2018-19541Nov 26, 2018affected < 1.900.14-195.15.1fixed 1.900.14-195.15.1
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2
- CVE-2018-19540Nov 26, 2018affected < 1.900.14-195.15.1fixed 1.900.14-195.15.1
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2
- CVE-2018-19539Nov 26, 2018affected < 1.900.14-195.15.1fixed 1.900.14-195.15.1
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
- affected < 1.900.14-195.15.1fixed 1.900.14-195.15.1
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.