VYPR

Jasper

by Jasper Project

Source repositories

CVEs (96)

  • CVE-2016-8883MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-8882MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.

  • CVE-2025-8837MedAug 11, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been…

  • CVE-2016-9583MedAug 1, 2018
    risk 0.29cvss 5.5epss 0.02

    An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

  • CVE-2015-5221MedJul 25, 2017
    risk 0.29cvss 5.5epss 0.02

    Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

  • CVE-2025-8836LowAug 11, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The…

  • CVE-2025-8835LowAug 11, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible…

  • CVE-2014-8158Jan 26, 2015
    risk 0.01cvss epss 0.14

    Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

  • CVE-2014-8157Jan 26, 2015
    risk 0.01cvss epss 0.17

    Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

  • CVE-2014-8138Dec 24, 2014
    risk 0.01cvss epss 0.18

    Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

  • CVE-2014-8137Dec 24, 2014
    risk 0.01cvss epss 0.15

    Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

  • CVE-2014-9029Dec 8, 2014
    risk 0.01cvss epss 0.18

    Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.

  • CVE-2011-4517Dec 15, 2011
    risk 0.01cvss epss 0.11

    The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory…

  • CVE-2011-4516Dec 15, 2011
    risk 0.01cvss epss 0.11

    Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker…

  • CVE-2023-51257Jan 16, 2024
    risk 0.00cvss epss 0.00

    An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.

  • CVE-2022-2963Oct 14, 2022
    risk 0.00cvss epss 0.01

    A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.

  • CVE-2022-40755Sep 16, 2022
    risk 0.00cvss epss 0.00

    JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.

  • CVE-2021-3467Mar 25, 2021
    risk 0.00cvss epss 0.01

    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

  • CVE-2021-3443Mar 25, 2021
    risk 0.00cvss epss 0.01

    A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

  • CVE-2021-26927Feb 23, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.

Page 4 of 5