Jasper
CVEs (56)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6852 | High | 0.51 | 7.8 | 0.01 | | Mar 15, 2017 | Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. |
| CVE-2016-10251 | High | 0.51 | 7.8 | 0.00 | | Mar 15, 2017 | Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value. |
| CVE-2016-10249 | High | 0.51 | 7.8 | 0.01 | | Mar 15, 2017 | Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow. |
| CVE-2016-8693 | High | 0.51 | 7.8 | 0.01 | | Feb 15, 2017 | Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. |
| CVE-2016-1577 | High | 0.50 | 7.6 | 0.10 | | Apr 13, 2016 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. |
| CVE-2017-14229 | High | 0.49 | 7.5 | 0.01 | | Sep 9, 2017 | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. |
| CVE-2017-13752 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13751 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13750 | High | 0.49 | 7.5 | 0.02 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13749 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13748 | High | 0.49 | 7.5 | 0.03 | | Aug 29, 2017 | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. |
| CVE-2017-13747 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13745 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. |
| CVE-2017-1000050 | High | 0.49 | 7.5 | 0.02 | | Jul 17, 2017 | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. |
| CVE-2016-9399 | High | 0.49 | 7.5 | 0.02 | | Mar 23, 2017 | The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| CVE-2016-9398 | High | 0.49 | 7.5 | 0.04 | | Mar 23, 2017 | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| CVE-2016-9397 | High | 0.49 | 7.5 | 0.02 | | Mar 23, 2017 | The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| CVE-2016-9396 | High | 0.49 | 7.5 | 0.05 | | Mar 23, 2017 | The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. |
| CVE-2016-10250 | High | 0.49 | 7.5 | 0.01 | | Mar 15, 2017 | The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887. |
| CVE-2017-14132 | Medium | 0.42 | 6.5 | 0.01 | | Sep 4, 2017 | JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. |
Page 1 of 3