Jasper
Source repositories
CVEs (96)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3272 | 0.00 | — | 0.01 | Jan 27, 2021 | jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | |||
| CVE-2020-27828 | 0.00 | — | 0.01 | Dec 11, 2020 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | |||
| CVE-2015-8751 | 0.00 | — | 0.02 | Feb 17, 2020 | Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | |||
| CVE-2018-20622 | 0.00 | — | 0.03 | Dec 31, 2018 | JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | |||
| CVE-2018-20584 | 0.00 | — | 0.03 | Dec 30, 2018 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||
| CVE-2018-20570 | 0.00 | — | 0.02 | Dec 28, 2018 | jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||
| CVE-2018-19542 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | |||
| CVE-2018-19540 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,… | |||
| CVE-2018-19539 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | |||
| CVE-2018-19543 | 0.00 | — | 0.02 | Nov 26, 2018 | An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. | |||
| CVE-2018-19541 | 0.00 | — | 0.03 | Nov 26, 2018 | An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,… | |||
| CVE-2018-19139 | 0.00 | — | 0.02 | Nov 9, 2018 | An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||
| CVE-2018-18873 | 0.00 | — | 0.01 | Oct 31, 2018 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | |||
| CVE-2008-3522 | 0.00 | — | 0.05 | Oct 2, 2008 | Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | |||
| CVE-2008-3521 | 0.00 | — | 0.00 | Oct 2, 2008 | Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally… | |||
| CVE-2008-3520 | 0.00 | — | 0.03 | Oct 2, 2008 | Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. |
- CVE-2021-3272Jan 27, 2021risk 0.00cvss —epss 0.01
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
- CVE-2020-27828Dec 11, 2020risk 0.00cvss —epss 0.01
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
- CVE-2015-8751Feb 17, 2020risk 0.00cvss —epss 0.02
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
- CVE-2018-20622Dec 31, 2018risk 0.00cvss —epss 0.03
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
- CVE-2018-20584Dec 30, 2018risk 0.00cvss —epss 0.03
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
- CVE-2018-20570Dec 28, 2018risk 0.00cvss —epss 0.02
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
- CVE-2018-19542Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
- CVE-2018-19540Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,…
- CVE-2018-19539Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
- CVE-2018-19543Nov 26, 2018risk 0.00cvss —epss 0.02
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
- CVE-2018-19541Nov 26, 2018risk 0.00cvss —epss 0.03
An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0,…
- CVE-2018-19139Nov 9, 2018risk 0.00cvss —epss 0.02
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
- CVE-2018-18873Oct 31, 2018risk 0.00cvss —epss 0.01
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
- CVE-2008-3522Oct 2, 2008risk 0.00cvss —epss 0.05
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
- CVE-2008-3521Oct 2, 2008risk 0.00cvss —epss 0.00
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally…
- CVE-2008-3520Oct 2, 2008risk 0.00cvss —epss 0.03
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
Page 5 of 5