VYPR

Jasper

by Jasper Project

CVEs (96)

  • CVE-2016-9391 | High | Mar 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.

  • CVE-2016-9389 | High | Mar 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

  • CVE-2016-8654 | High | Aug 1, 2018
    risk 0.44 | cvss 7.8 | epss 0.02

    A heap buffer overflow vulnerability was found in the QMFB code in the JPC codec, caused by a buffer being allocated with too small a size. JasPer versions before 2.0.0 are affected.

  • CVE-2016-10251 | High | Mar 15, 2017
    risk 0.44 | cvss 7.8 | epss 0.02

    Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.

  • CVE-2016-10249 | High | Mar 15, 2017
    risk 0.44 | cvss 7.8 | epss 0.02

    Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.

  • CVE-2024-31744 | High | Apr 19, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

  • CVE-2017-14132 | Medium | Sep 4, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4,…

  • CVE-2016-10250 | High | Mar 15, 2017
    risk 0.42 | cvss 7.5 | epss 0.04

    The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-10248 | High | Mar 15, 2017
    risk 0.42 | cvss 7.5 | epss 0.04

    The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

  • CVE-2016-2089 | Medium | Feb 8, 2016
    risk 0.42 | cvss 6.5 | epss 0.03

    The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.

  • CVE-2016-1867 | Medium | Jan 20, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

  • CVE-2016-2116 | Medium | Apr 13, 2016
    risk 0.37 | cvss 5.7 | epss 0.03

    Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

  • CVE-2018-9055 | Medium | Mar 27, 2018
    risk 0.36 | cvss 5.5 | epss 0.02

    JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.

  • CVE-2016-9591 | Medium | Mar 9, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

  • CVE-2015-5203 | Medium | Aug 2, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2017-9782 | Medium | Jun 21, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

  • CVE-2016-8884 | Medium | Mar 28, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-9557 | Medium | Mar 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.

  • CVE-2016-9395 | Medium | Mar 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9394 | Medium | Mar 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

Page 2 of 5