Jasper
CVEs (56)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1867 | Med | 0.42 | 6.5 | 0.01 | | Jan 20, 2016 | The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. |
| CVE-2016-2116 | Med | 0.38 | 5.7 | 0.09 | | Apr 13, 2016 | Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. |
| CVE-2015-5203 | Med | 0.36 | 5.5 | 0.01 | | Aug 2, 2017 | Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. |
| CVE-2015-5221 | Med | 0.36 | 5.5 | 0.00 | | Jul 25, 2017 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. |
| CVE-2017-9782 | Med | 0.36 | 5.5 | 0.00 | | Jun 21, 2017 | JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. |
| CVE-2016-8884 | Med | 0.36 | 5.5 | 0.00 | | Mar 28, 2017 | The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. |
| CVE-2016-9395 | Med | 0.36 | 5.5 | 0.00 | | Mar 23, 2017 | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
| CVE-2016-9394 | Med | 0.36 | 5.5 | 0.00 | | Mar 23, 2017 | The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
| CVE-2016-9393 | Med | 0.36 | 5.5 | 0.00 | | Mar 23, 2017 | The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
| CVE-2016-8887 | Med | 0.36 | 5.5 | 0.00 | | Mar 23, 2017 | The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). |
| CVE-2017-5505 | Med | 0.36 | 5.5 | 0.00 | | Mar 16, 2017 | The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. |
| CVE-2017-6851 | Med | 0.36 | 5.5 | 0.00 | | Mar 15, 2017 | The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. |
| CVE-2017-6850 | Med | 0.36 | 5.5 | 0.00 | | Mar 15, 2017 | The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. |
| CVE-2017-5504 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. |
| CVE-2017-5503 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image. |
| CVE-2017-5502 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
| CVE-2017-5501 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. |
| CVE-2017-5500 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
| CVE-2017-5499 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. |
| CVE-2017-5498 | Med | 0.36 | 5.5 | 0.00 | | Mar 1, 2017 | libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
Page 2 of 3